[tor-bugs] #24010 [Core Tor/Torflow]: Make bandwidth authorities use DNS, not IP addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 27 05:37:49 UTC 2017


#24010: Make bandwidth authorities use DNS, not IP addresses
------------------------------+------------------------
 Reporter:  teor              |          Owner:  aagbsn
     Type:  defect            |         Status:  new
 Priority:  High              |      Milestone:
Component:  Core Tor/Torflow  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:  #21394            |         Points:  1
 Reviewer:                    |        Sponsor:
------------------------------+------------------------

Comment (by arthuredelstein):

 Replying to [comment:6 teor]:

 > If the role of bandwidth scanners is to measure bandwidth *as clients
 > experience it*, then using at least some DNS is appropriate.
 > We could use a mix of DNS and IP, because that's what clients do. And if
 > we use a CDN as the server, it will need DNS.

 I tend to agree with micah that we shouldn't conflate measuring bandwidth
 with DNS resolver failure rate. These are two different measurements, and
 have different observable effects in clients. In Tor Browser, we see
 frequent DNS resolver failures, which cause very long delays in first
 connecting to a website (ten or twenty seconds).

 But I do think it might be a good approach for bandwidth authorities to
 provide a second, separate service of measuring resolver failure rate. I
 agree it might require using a large pool of domain names to avoid being
 vulnerable to an attack by ISP or host country.

 > Also, exits can check their own DNS (#24014), but judging what is a slow
 > resolve is hard, because it needs a comparison to other exits.

 I don't think you need to compare with other exits. We know that tor has a
 hard-coded 10-second timeout. If the DNS resolver takes longer than 10
 seconds, then that should be counted as a failure. Obviously, whether it's
 self-reporting by the exit or measurement by a bandwidth authority, you'd
 want to pick a threshold failure rate above which exits are penalized or
 their exit status is disabled.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24010#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
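
The rule described in the comment above (a resolve that runs into tor's 10-second timeout counts as a failure, and an exit is penalized above a threshold failure rate), sketched as an added example that is not part of the ticket or of Torflow. The 5% threshold, the Wilson lower bound used so that a handful of samples cannot trigger a penalty, and all sample timings are assumptions constructed for illustration.

```python
import math

DNS_TIMEOUT_S = 10.0      # tor's hard-coded resolve timeout, as stated in the comment
FAILURE_THRESHOLD = 0.05  # assumption: the ticket does not pick a value
Z = 1.96                  # 95% confidence for the Wilson interval

def is_failure(elapsed_s):
    """None = resolver error; reaching the timeout means the client never got an answer."""
    return elapsed_s is None or elapsed_s >= DNS_TIMEOUT_S

def wilson_lower(failures, n, z=Z):
    """Lower bound of the Wilson score interval for the true failure rate."""
    if n == 0:
        return 0.0
    p = failures / n
    denom = 1 + z * z / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return max(0.0, (centre - margin) / denom)

def assess(samples):
    """Summarise one exit's resolve timings (seconds, or None for an error)."""
    n = len(samples)
    failures = sum(1 for s in samples if is_failure(s))
    lower = wilson_lower(failures, n)
    return {
        "n": n,
        "failures": failures,
        "rate": failures / n if n else 0.0,
        "lower_bound": lower,
        # Penalize only when we are confident the true rate exceeds the threshold.
        "penalize": lower > FAILURE_THRESHOLD,
    }

# Constructed measurements: each exit resolving names from a large pool.
MEASUREMENTS = {
    "exitA": [0.2] * 39 + [12.0],               # one slow resolve in 40
    "exitB": [0.3] * 28 + [10.0] * 8 + [None] * 4,  # 12 failures in 40
    "exitC": [0.1] * 4 + [None],                # 1 failure, but only 5 samples
}

def report(measurements=MEASUREMENTS):
    return {name: assess(s) for name, s in measurements.items()}

if __name__ == "__main__":
    for name, r in report().items():
        print(f"{name}: {r['failures']}/{r['n']} failed, "
              f"lower bound {r['lower_bound']:.3f}, penalize={r['penalize']}")
```

exitC shows why the raw rate alone is a poor trigger: 1 failure in 5 is a 20% rate, yet the sample is too small to conclude the exit's resolver is unreliable.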

