[tor-bugs] #11403 [- Select a component]: tor dns + bind = lame name-server

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 4 16:10:57 UTC 2014


#11403: tor dns + bind = lame name-server
----------------------------------+---------------------
 Reporter:  d3xt3r01              |          Owner:
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  - Select a component  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------
 Hello,

 I've been trying for a couple of hours now to make this work... a part
 went ok... but there still seems to be a problem.

 My named/bind setup looks like this:

 zone "onion" IN {
         type forward;
         forwarders {
                 127.0.0.2;
         };
 };

 My ~/.torrc
 #Log debug
 User dexter
 DataDirectory /home/dexter/.tor/
 SocksListenAddress 127.0.0.1
 SocksListenAddress 192.168.1.95
 SocksPolicy accept 127.0.0.1/32
 SocksPolicy accept 192.168.1.0/24
 SocksPolicy reject *
 NewCircuitPeriod 99999
 KeepalivePeriod 60
 DNSPort 127.0.0.2:53
 TransPort 9040
 AutomapHostsOnResolve 1
 VirtualAddrNetwork 10.192.0.0/10
 HiddenServiceDir /home/dexter/.tor/hidden_service/
 HiddenServicePort 80 127.0.0.1:80

 My resolv.conf
 nameserver 127.0.0.1
 Bind listens on 127.0.0.1:53

 Here's what happens:

 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.2
 10.206.233.205
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.2
 10.206.233.205
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.2
 10.206.233.205
 So tor's dns server is ok...

 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.1
 10.206.233.205
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.1
 10.206.233.205
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.1
 10.206.233.205
 So my bind forwards ok. Now watch this:

 $ dig +short aaaa pcl5dt2boqqvmpk7.onion @127.0.0.1
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.1
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.1
 $ dig +short a pcl5dt2boqqvmpk7.onion @127.0.0.2
 10.206.233.205

 So, as soon as named asks for something, the tor dns doesn't answer
 correctly, answering with an A for an AAAA instead of giving an empty AAAA
 with NOERROR (I think this is the problem), and gets marked as a
 lame-server and will cache it like this for 600 seconds, I think.

 Named's logs show this:
 queries: info: client 127.0.0.1#55980 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN A +E (127.0.0.1)
 queries: info: client 127.0.0.1#37020 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN A +E (127.0.0.1)
 queries: info: client 127.0.0.1#40132 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN A +E (127.0.0.1)
 queries: info: client 127.0.0.1#47246 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN AAAA +E (127.0.0.1)
 resolver: notice: DNS format error from 127.0.0.2#53 resolving
 pcl5dt2boqqvmpk7.onion/AAAA for client 127.0.0.1#47246: reply has no
 answer
 lame-servers: info: error (FORMERR) resolving
 'pcl5dt2boqqvmpk7.onion/AAAA/IN': 127.0.0.2#53
 queries: info: client 127.0.0.1#59716 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN A +E (127.0.0.1)
 queries: info: client 127.0.0.1#55020 (pcl5dt2boqqvmpk7.onion): view
 internal: query: pcl5dt2boqqvmpk7.onion IN A +E (127.0.0.1)

 Any ideas on how to solve this?
 Thanks in advance.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11403>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
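
Added example, not part of the original ticket and not tor or BIND code: a small Python check for the condition the reporter suspects, a reply to an AAAA query whose answer section carries only an A record, as opposed to an empty NOERROR answer. The reply bytes are constructed for illustration (transaction id, flags and TTL are assumptions); only the hostname and the 10.206.233.205 address come from the ticket.

```python
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28

def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:             # root label terminates the name
            return off

def classify(msg):
    """Compare the RR types in the answer section with the question's QTYPE."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = skip_name(msg, 12)                      # assumes one question
    qtype, _qclass = struct.unpack_from("!2H", msg, off)
    off += 4
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        types.append(rtype)
    if flags & 0x000F:
        return "rcode=%d" % (flags & 0x000F)
    if not types:
        return "nodata"           # NOERROR, empty answer: the reply the reporter expected
    if qtype in types or TYPE_CNAME in types:
        return "answer"
    return "type-mismatch"       # answers present, none of the type that was asked for

def build_reply(name, qtype, answers):
    """Constructed NOERROR reply (QR, RD, RA set); answers is [(rtype, rdata)]."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!2H", qtype, 1)
    for rtype, rdata in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg

NAME, ADDR = "pcl5dt2boqqvmpk7.onion", bytes([10, 206, 233, 205])  # values from the ticket
SUSPECTED = build_reply(NAME, TYPE_AAAA, [(TYPE_A, ADDR)])   # A record sent for an AAAA query
EXPECTED = build_reply(NAME, TYPE_AAAA, [])                  # empty AAAA answer
NORMAL = build_reply(NAME, TYPE_A, [(TYPE_A, ADDR)])         # plain A lookup
```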

