lets make 'working DNS' an exit flag requirement

I'd like to see 'working DNS' as a requirement for the exit flag. If there are no major objections and if I'm able to find someone to implement it I'd like to proceed with writing a small proposal. Would anyone be willing to implement it in tor? https://trac.torproject.org/projects/tor/ticket/26691 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

I'm going to state my support for it here. I'm not a developer however I agree all exits should provide DNS from a local resolver (Unbound or similar) to get the exit flag. On Wed, Jul 11, 2018 at 12:38 PM nusenu <nusenu-lists@riseup.net> wrote:
I'd like to see 'working DNS' as a requirement for the exit flag.
If there are no major objections and if I'm able to find someone to implement it I'd like to proceed with writing a small proposal.
Would anyone be willing to implement it in tor?
https://trac.torproject.org/projects/tor/ticket/26691
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Nathaniel Suchy:
I'm going to state my support for it here. I'm not a developer however I agree all exits should provide DNS from a local resolver (Unbound or similar) to get the exit flag.
just to be clear: the proposal would not require any specific DNS configuration it would simply require the exit to not fail to many DNS resolution attempts. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

nusenu <nusenu-lists@riseup.net> writes:
I'd like to see 'working DNS' as a requirement for the exit flag.
If there are no major objections and if I'm able to find someone to implement it I'd like to proceed with writing a small proposal.
Would anyone be willing to implement it in tor?
This would be a feature for scanners, not little-t-tor itself, right? -- meejah

Would anyone be willing to implement it in tor?
This would be a feature for scanners, not little-t-tor itself, right?
the test would be performed by tor in the dir auth role (like other tests performed by dir auths) -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

there is a great ticket about solving this problem via self-checks: https://trac.torproject.org/projects/tor/ticket/24014 exits will disable exiting once they realize they fail at doing DNS. I believe it will cover most if not all of current problems, lets check again once this is implemented and deployed. would be nice to have that in tor 0.3.5 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
participants (3)
-
meejah
-
Nathaniel Suchy
-
nusenu