Alexander Færøy:
Hey Jeremy,
On 2020/05/15 15:53, Jeremy Rand wrote:
FYI I already wrote a Prop279 provider that looks up the names via DNS (it's aptly named "dns-prop279"); it does pretty much exactly what you describe. It doesn't handle DNSSEC validation itself (it assumes that you've specified a DNS server that you trust -- most likely one running on localhost). Stream isolation can be handled via an EDNS0 field (and I'm guessing it would not be difficult to patch an existing DNS server to respect that EDNS0 field). I wouldn't be surprised if it's easy to make dns-prop279 do DNSSEC validation itself (and not use a localhost-based DNS server) if that's desired -- the library it uses (miekg/dns) does claim to support DNSSEC validation, though I've never tried testing that feature.
Very interesting.
I think proposal #279 only tries to solve the subset of name look ups, which is about looking up onions from a human name. The work in this thread is to replace all name lookups *except* for Onions. It could very well be that it would be easier to extend proposal #279 by having it handle all lookups and not just for .onion's, but I think my intuition says that it should be two different systems as onion lookups is still a much more open question whereas Tor will need to support ordinary DNS for many years into the future.
If `OnionNamePlugin` allowed you to specify `.*` for "everything" as the TLD specifier, then it might be possible to implement such system using proposal #279 :-)
Hi Alex,
The Prop279 spec text is ambiguous about whether the target is required to be a .onion domain, but the implementations (TorNS and StemNS) do not have that restriction. TorNS and StemNS allow a Prop279 plugin to advertise acceptance of any domain suffix (haven't explicitly tried the root zone as an suffix, but if that doesn't work, it's a bug that should be easy to fix) and can resolve them to any result (e.g. an IP address, a .onion domain, or another DNS name a la CNAME).
Cheers,