Re: [Tails-dev] Arbitrary DNS queries... and Tor 0.2.2.x

Author: Anders
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Arbitrary DNS queries... and Tor 0.2.2.x
Hi,

On 2011-07-26 23:47, intrigeri wrote:
> [...]
> What we really want instead is: query Tor resolver first, fallback to
> ttdnsd if the former fails. This is possible using Tor 0.2.2.x.
That sounds like a reasonable solution. But there is probably no harm in
waiting and sticking with DNSPort until the 0.2.2 stable is out.

The only reason I even consider it worthwhile using something other
than DNSPort in the long run is to get DNSSEC working. Using ttdnsd
won't solve this though. Getting MX and SRV (for XMPP) is nice, and
ttdnsd fixes this, but it's not really an instant must have.

Another option, one that I'm considering for the Haven OS, is to use the
unbound DNS server with a patch that forces it to only send TCP traffic.
That way all DNS requests are sent over Tor and since we are doing the
name resolution ourselves, there is no need to rely on any one open DNS
server. This way we can also resolve every type of query (even DNSSEC
stuff).

I'm not quite sure what the anonymity implications are of doing it like
this, so it will need some more thought. But this might be something to
consider for the future.

Best regards,
Anders
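
The "unbound, TCP-only, through Tor" layout Anders sketches above, written out as an added configuration example. This is not from the thread, from Tails or from Haven OS. It assumes current Tor and Unbound syntax: Unbound's later tcp-upstream option stands in for the patch he mentions, Tor's TransPort provides the transparent TCP proxy that the resolver's upstream connections are steered into, and the paths are the Debian defaults.

```conf
# Added example, not code from the thread or from Tails/Haven OS.
# Assumptions: Unbound with the tcp-upstream option (a later addition that
# replaces the TCP-only patch discussed above), Tor with a TransPort, and
# Debian-style file locations.

## /etc/tor/torrc
# Keep DNSPort for Tor's own resolver (A/AAAA/PTR only) and add a TransPort
# that the firewall will redirect unbound's outbound TCP sockets into.
DNSPort   127.0.0.1:5353
TransPort 127.0.0.1:9040
AutomapHostsOnResolve 1

## /etc/unbound/unbound.conf
server:
    # Serve only the local stub resolvers (/etc/resolv.conf -> 127.0.0.1).
    interface: 127.0.0.1
    port: 53
    # Keep upstream traffic on IPv4, which is what the TransPort redirect
    # in the usage note covers.
    do-ip6: no
    # The point of the design: every upstream query (root, TLD,
    # authoritative) goes over TCP so the transparent proxy can carry it
    # through Tor. Unbound in 2011 lacked this knob, hence the patch.
    tcp-upstream: yes
    # Full iterative resolution means no single open DNS server is trusted,
    # and DNSSEC validation works because the whole chain is fetched.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    val-permissive-mode: no
```

Two firewall rules complete the picture and are what make the setup fail closed rather than leak: redirect unbound's TCP into Tor (for example `iptables -t nat -A OUTPUT -m owner --uid-owner unbound -p tcp -j REDIRECT --to-ports 9040`) and reject any UDP the resolver might still emit (`iptables -A OUTPUT -m owner --uid-owner unbound -p udp -j REJECT`). A practical check is to query `dig @127.0.0.1 +dnssec` against a signed zone while watching with tcpdump that no UDP/53 leaves the box and that the answer carries the AD flag. The anonymity question Anders leaves open is real: iterative resolution means the exit opens separate TCP connections to root, TLD and authoritative servers for every uncached name, so the pattern of those connections, and how Tor assigns them to circuits, is what needs the further thought he mentions.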