2012/8/1 Roger Dingledine arma@mit.edu:
On Tue, Jul 31, 2012 at 11:21:01AM +0100, mick wrote:
Question for tor developers. How hard would it be to change the logic (and syntax) of exit policy in tor to allow domain based formulations like:
reject *.gmail.com
reject *aol.com
Very hard.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Exitpoliciesshouldb...
Hi,
While I see how allowing wildcards and domains in policies would be more than challenging, wouldn't it be possible to:
- resolve domain names at Tor startup, and get all associated A and AAAA records
- repeat when the record's TTL is reached.
Of course, it wouldn't work for sites that don't advertise all their IPs.
It would also require the exit node's operator to run some DNS resolver (or trust an external one), but locally running unbound (for example) is quite simple. Moreover, the risk evoked in the FAQ is already present: if I poison an exit node's DNS resolver, wouldn't I be able to replace nytimes.com's A record with some bogon, like 0.0.0.0?
Nicolas
Sent from my iPhone 5
On 01.08.2012 at 10:30, "Nicolas Braud-Santoni" nicolas@braud-santoni.eu wrote:
2012/8/1 Roger Dingledine arma@mit.edu:
On Tue, Jul 31, 2012 at 11:21:01AM +0100, mick wrote:
Question for tor developers. How hard would it be to change the logic (and syntax) of exit policy in tor to allow domain based formulations like:
reject *.gmail.com
reject *aol.com
Very hard.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Exitpoliciesshouldb...
Hi,
While I see how allowing wildcards and domains in policies would be more than challenging, wouldn't it be possible to:
- resolve domain names at Tor startup, and get all associated A and AAAA records
- repeat when the record's TTL is reached.
This won't work for shared hosts. You would block all websites on that server, not only the domains you wanted. You can only do that by intercepting HTTP like a proxy.
Of course, it wouldn't work for sites that don't advertise all their IPs.
It would also require the exit node's operator to run some DNS resolver (or trust an external one), but locally running unbound (for example) is quite simple. Moreover, the risk evoked in the FAQ is already present: if I poison an exit node's DNS resolver, wouldn't I be able to replace nytimes.com's A record with some bogon, like 0.0.0.0?
Nicolas
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
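The resolve-and-refresh scheme Nicolas sketches, together with the shared-host objection raised in reply, as an added Python example that is not from the thread and not Tor's own code. A constructed in-memory resolver (RFC 5737 / RFC 3849 documentation addresses, not any real site's records) stands in for DNS, cached records are re-resolved once their TTL has lapsed, and `collateral()` lists the domains that would be blocked only because they share an address with a blocked one. `DomainExitPolicy`, `FAKE_DNS` and the torrc-like `reject` / `reject6` rule strings are assumptions made for illustration.

```python
"""Domain-based exit policy by resolution, with TTL refresh and a
collateral-blocking check. Constructed example; not Tor's implementation."""
import ipaddress
from dataclasses import dataclass, field

# Constructed stand-in for DNS: name -> (ttl_seconds, [addresses]).
# Addresses come from documentation ranges, not from any real site.
FAKE_DNS = {
    "mail.example.com": (300, ["192.0.2.10", "2001:db8::10"]),
    "blog.example.org": (60, ["198.51.100.7"]),
    "shop.example.net": (60, ["198.51.100.7"]),  # shares a host with blog.example.org
}


@dataclass
class CachedRecord:
    addresses: frozenset  # ipaddress objects resolved for one name
    expires_at: float     # absolute time (seconds) at which the TTL runs out


@dataclass
class DomainExitPolicy:
    """Hypothetical policy: reject every address a blocked domain resolves to."""
    blocked_domains: list
    resolver: dict = field(default_factory=lambda: dict(FAKE_DNS))
    cache: dict = field(default_factory=dict)

    def _lookup(self, name, now):
        """Return the cached address set for `name`, re-resolving when the TTL lapsed."""
        rec = self.cache.get(name)
        if rec is None or now >= rec.expires_at:
            ttl, addrs = self.resolver[name]  # constructed resolver; real code would query DNS
            rec = CachedRecord(frozenset(ipaddress.ip_address(a) for a in addrs), now + ttl)
            self.cache[name] = rec
        return rec.addresses

    def reject_rules(self, now):
        """Render the current address set as torrc-style reject lines (format assumed)."""
        rules = []
        for name in self.blocked_domains:
            for addr in sorted(self._lookup(name, now), key=lambda a: (a.version, int(a))):
                if addr.version == 6:
                    rules.append(f"reject6 [{addr}]:*")
                else:
                    rules.append(f"reject {addr}:*")
        return rules

    def is_rejected(self, addr, now):
        """Would a connection to this literal address be refused right now?"""
        target = ipaddress.ip_address(addr)
        return any(target in self._lookup(name, now) for name in self.blocked_domains)

    def collateral(self, known_domains, now):
        """Domains NOT on the block list that are nevertheless unreachable,
        because they share an address with a blocked domain (the shared-host problem)."""
        blocked = set().union(*(self._lookup(n, now) for n in self.blocked_domains))
        return sorted(
            d for d in known_domains
            if d not in self.blocked_domains and self._lookup(d, now) & blocked
        )


if __name__ == "__main__":
    policy = DomainExitPolicy(["mail.example.com", "shop.example.net"])
    print("\n".join(policy.reject_rules(now=0.0)))
    print("collateral:", policy.collateral(FAKE_DNS, now=0.0))
```

Blocking `shop.example.net` turns into `reject 198.51.100.7:*`, which also cuts off `blog.example.org`; the address-level policy cannot tell the two apart, which is exactly why the reply says only an HTTP-aware proxy could make the distinction.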