Tor & DNS Requests

Ringo Kamens 2600denver at gmail.com
Thu May 4 21:45:48 UTC 2006


I'm also interested to know those answers.

On 5/4/06, Joseph B Kowalski <jbk at hush.ai> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello everyone,
>
>
> I have a few questions about how the Tor network handles DNS lookup
> requests that I couldn't find answers to in any of the
> documentation I went through, so hopefully I can find an answer
> here.
>
>
> 1) It is clear that the Tor network only handles TCP traffic and
> not UDP, which is, of course, what standard DNS lookup requests use
> (UDP). So, when directing DNS lookup requests into the Tor network
> (whether by setting the network.proxy.socks_remote_dns flag in
> Firefox or using Privoxy or whatever), is the application or proxy
> (Firefox or Privoxy, in this example) handing the DNS lookup
> request to the Tor client using TCP already, or does the Tor client
> translate the UDP DNS lookup request into a TCP DNS lookup request
> before passing to the first OR (entry node)?
>
> 2) Once the DNS lookup request reaches the exit node, does the exit
> node perform a standard UDP DNS lookup using its configured
> nameservers, or does it do it using a TCP DNS lookup?
>
> 3) Is it necessary to allow traffic to port 53 in the exit policy
> of an OR in order for that OR to perform DNS lookups on the behalf
> of client requests? I know that common sense appears to suggest
> that this is so, but I couldn't find anything in the documentation
> stating if DNS lookups are just something all exit nodes handle
> automatically and by default, or if only exit nodes configured to
> allow outbound traffic to port 53 allow them. Furthermore,
> depending on what the answer to question number 2 is, one might
> think that allowing outbound traffic to port 53 in an exit policy
> is only necessary if the operator wants to allow TCP connections to
> port 53, since that is, of course, the case with every other port
> you could put in an exit policy (TCP-ONLY).
>
>
>
> Any clarification would be appreciated. If I wasn't clear on any of
> the questions, please feel free to let me know, and I'll try to do
> a better job explaining.
>
> Thank you.
>
> Best regards,
>
> Joe Kowalski
> PGP Key ID: 0xA96A2EE0
>
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.5
>
> wkYEARECAAYFAkRabp0ACgkQQ4RaO6lqLuDFiwCaAx+gRctNSaWVShdVAw3niZ7wmhoA
> n2NeAo2n3AVpXYSn+UxPXz7/oyhT
> =j381
> -----END PGP SIGNATURE-----