[tor-bugs] #19025 [Core Tor/Tor]: Exit relays always return DNS TTL 60 to tor clients

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 27 16:31:42 UTC 2016


#19025: Exit relays always return DNS TTL 60 to tor clients
--------------------------+------------------------------------
 Reporter:  phw           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.8.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  dns           |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by phw):

 This bug also affects an exit relay's DNS cache. Exits cache DNS responses
 for the duration of their TTL (see `make_pending_resolve_cached`), but
 since they are always set to 0, we end up with MIN_DNS_TTL (see
 `dns_get_expiry_ttl`), which is 60. So each domain, regardless of its TTL,
 is cached for only 60 seconds, resulting in more DNS requests than
 necessary.

 I have a patch in the branch `bug-19025` in the following repository:
 https://github.com/NullHypothesis/tor

 I briefly tested it on my exit relay, and it seems to work. The following
 log is the result of requesting the domain cartography.nymity.ch three
 times. The exit's cache was cold.
 {{{
 Jul 27 18:17:14.000 [notice] Added domain cartography.nymity.ch with
 expiry=1800, ttlv4=10800, ttlv6=0, ttlhost=0 to cache.
 Jul 27 18:17:22.000 [notice] Address cartography.nymity.ch was already in
 cache, expire=1792.
 Jul 27 18:23:59.000 [notice] Address cartography.nymity.ch was already in
 cache, expire=1395.
 }}}

 My Tor client also received the correct TTL from the exit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19025#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
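
Added example (not part of the ticket or of Tor's source): a one-entry cache model in C that replays the three request times from the log above (0 s, 8 s and 405 s after the first lookup), once with the always-zero TTL the comment describes and once with the record's real TTL of 10800. `clip_ttl`, `lookup` and `replay` are hypothetical names, and the 1800-second upper bound is an assumption inferred from `expiry=1800` in the log.

```c
#include <stdio.h>

#define MIN_DNS_TTL 60            /* value stated in the ticket */
#define MAX_DNS_TTL_ASSUMED 1800  /* assumption: inferred from expiry=1800 in the log */

/* Simplified stand-in for the clamp the ticket attributes to dns_get_expiry_ttl. */
static unsigned clip_ttl(unsigned ttl) {
  if (ttl < MIN_DNS_TTL) return MIN_DNS_TTL;
  if (ttl > MAX_DNS_TTL_ASSUMED) return MAX_DNS_TTL_ASSUMED;
  return ttl;
}

struct entry { int valid; long expires_at; };

/* Cache hit: return seconds left. Miss: count an upstream query, refill, return -1. */
static long lookup(struct entry *e, long now, unsigned ttl, unsigned *upstream) {
  if (e->valid && now < e->expires_at)
    return e->expires_at - now;
  ++*upstream;
  e->valid = 1;
  e->expires_at = now + clip_ttl(ttl);
  return -1;
}

/* Replay request times against one cached name; returns upstream query count.
 * record_ttl == 0 models the bug, record_ttl == 10800 models the patched exit. */
unsigned replay(const long *times, int n, unsigned record_ttl, long *remaining) {
  struct entry e = {0, 0};
  unsigned upstream = 0;
  for (int i = 0; i < n; i++)
    remaining[i] = lookup(&e, times[i], record_ttl, &upstream);
  return upstream;
}

int main(void) {
  /* Constructed from the log timestamps: 18:17:14, 18:17:22, 18:23:59. */
  const long times[] = {0, 8, 405};
  const unsigned ttls[] = {0, 10800};
  long rem[3];
  for (int k = 0; k < 2; k++) {
    unsigned q = replay(times, 3, ttls[k], rem);
    printf("ttl=%u upstream=%u remaining=%ld,%ld,%ld\n",
           ttls[k], q, rem[0], rem[1], rem[2]);
  }
  return 0;
}
```

With the real TTL the two cache hits report 1792 and 1395 seconds left, matching the `expire=` values in the log; with TTL 0 the third request is a miss and triggers a second upstream query.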

