On Thu, Jun 14, 2018 at 04:22:00PM +0000, nusenu wrote:
> imagine you have two tabs in Tor Browser:
> 1: torproject.org (circuit A) embeds some youtube.com content
> 2: google.com (circuit B) embeds some youtube.com content
> it will route the TCP connection via two distinct circuits (A and B) as described in the design document [1]

Correct.

> Will DNS resolution be isolated using the same logic?

Yes.

> torproject.org and youtube.com will be resolved via circuit A and google.com and youtube.com will be resolved via circuit B
> Is that correct?

Yes.

(In the distant past, the Tor client would cache DNS answers on the client side, so when a later circuit requests the same address, it can just provide the IP address, saving the exit relay from having to do an unnecessary resolve. But that's bad for isolation, and it's bad for geodns designs (where the dns server gives you an answer tailored for your current location, so re-using that answer from a different location is not best), and also it doesn't actually save the exit relay that much since it *can* cache its resolves.)
--Roger
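
The exchange above, sketched as an added example that is not part of the original message and is not Tor's code: a toy proxy that keys circuits on SOCKS5 credentials and receives hostnames unresolved (ATYP 0x03), so the lookup happens on the same circuit as the connection. It assumes the browser sends the first-party domain as the SOCKS username; the `IsolatingProxy` class, the nonces and the circuit labels are constructed for illustration.

```python
import struct

def socks5_auth(first_party: str, nonce: str) -> bytes:
    """RFC 1929 username/password message; username = first-party domain (assumption)."""
    u, p = first_party.encode(), nonce.encode()
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def socks5_connect(host: str, port: int) -> bytes:
    """RFC 1928 CONNECT with ATYP=0x03: the hostname goes to the proxy unresolved."""
    h = host.encode()
    return bytes([0x05, 0x01, 0x00, 0x03, len(h)]) + h + struct.pack("!H", port)

class IsolatingProxy:
    """Hypothetical model: one circuit per distinct SOCKS credential pair."""
    def __init__(self):
        self.circuits = {}   # (username, password) -> circuit label
        self.resolves = []   # (circuit, hostname) looked up at that circuit's exit

    def handle(self, auth: bytes, request: bytes) -> str:
        ulen = auth[1]
        user = auth[2:2 + ulen].decode()
        plen = auth[2 + ulen]
        password = auth[3 + ulen:3 + ulen + plen].decode()
        if request[3] != 0x03:
            raise ValueError("expected a domain-name address (ATYP 0x03)")
        host = request[5:5 + request[4]].decode()
        # New credentials get a new circuit; known credentials reuse theirs.
        label = chr(ord("A") + len(self.circuits))
        circuit = self.circuits.setdefault((user, password), label)
        # No resolver cache is shared across circuits, so every name is
        # resolved again on the circuit that asked for it.
        self.resolves.append((circuit, host))
        return circuit

def demo():
    proxy = IsolatingProxy()
    tabs = {"torproject.org": "nonce1", "google.com": "nonce2"}  # constructed sample
    for first_party, nonce in tabs.items():
        for host in (first_party, "youtube.com"):
            proxy.handle(socks5_auth(first_party, nonce), socks5_connect(host, 443))
    return proxy.resolves

if __name__ == "__main__":
    for circuit, host in demo():
        print(f"circuit {circuit}: resolve + connect {host}")
```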