I'm also interested to know those answers.<br><br>
<div><span class="gmail_quote">On 5/4/06, <b class="gmail_sendername">Joseph B Kowalski</b> <<a href="mailto:jbk@hush.ai">jbk@hush.ai</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Hello everyone,<br><br><br>I have a few questions about how the Tor network handles DNS lookup
<br>requests that I couldn't find answers to in any of the<br>documentation I went through, so hopefully I can find an answer<br>here.<br><br><br>1) It is clear that the Tor network only handles TCP traffic and<br>not UDP, which is, of course, what standard DNS lookup requests use
<br>(UDP). So, when directing DNS lookup requests into the Tor network<br>(whether by setting the network.proxy.socks_remote_dns flag in<br>Firefox or using Privoxy or whatever), is the application or proxy<br>(Firefox or Privoxy, in this example) handing the DNS lookup
<br>request to the Tor client using TCP already, or does the Tor client<br>translate the UDP DNS lookup request into a TCP DNS lookup request<br>before passing to the first OR (entry node)?<br><br>2) Once the DNS lookup request reaches the exit node, does the exit
<br>node perform a standard UDP DNS lookup using it's configured<br>nameservers, or does it do it using a TCP DNS lookup?<br><br>3) Is it necessary to allow traffic to port 53 in the exit policy<br>of an OR in order for that OR to perform DNS lookups on the behalf
<br>of client requests? I know that common sense appears to suggest<br>that this is so, but I couldn't find anything in the documentation<br>stating if DNS lookups are just something all exit nodes handle<br>automatically and by default, or if only exit nodes configured to
<br>allow outbound traffic to port 53 allow them. Furthermore,<br>depending on what the answer to question number 2 is, one might<br>think that allowing outbound traffic to port 53 in an exit policy<br>is only necessary if the operator wants to allow TCP connections to
<br>port 53, since that is, of course, the case with every other port<br>you could put in an exit policy (TCP-ONLY).<br><br><br><br>Any clarification would be appreciated. If I wasn't clear on any of<br>the questions, please feel free to let me know, and I'll try to do
<br>a better job explaining.<br><br><br><br><br>Thank you.<br><br><br><br><br><br>Best regards,<br><br><br><br><br><br>Joe Kowalski<br>PGP Key ID: 0xA96A2EE0<br><br>-----BEGIN PGP SIGNATURE-----<br>Note: This signature can be verified at
<a href="https://www.hushtools.com/verify">https://www.hushtools.com/verify</a><br>Version: Hush 2.5<br><br>wkYEARECAAYFAkRabp0ACgkQQ4RaO6lqLuDFiwCaAx+gRctNSaWVShdVAw3niZ7wmhoA<br>n2NeAo2n3AVpXYSn+UxPXz7/oyhT<br>=j381<br>
-----END PGP SIGNATURE-----<br><br><br></blockquote></div><br>