[tor-bugs] #24833 [- Select a component]: DNS not reliably returning AAAA records
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 8 22:00:08 UTC 2018
#24833: DNS not reliably returning AAAA records
--------------------------------------+---------------------------
Reporter: Zakhar | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version: Tor: 0.2.9.14
Severity: Normal | Keywords: DNS AAAA
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+---------------------------
'''[Enhancement Request]'''
(Cleaner explanation than closed ticket #24798)
I have a Tor Router set with dual stack.
DNS is done in ipv4 through (it should not matter since an ipv4 DNS can
still respond to AAAA queries)
'''I can't find a setting to make DNS reliably returning AAAA records''':
it is sort of "random", probably depending on the exit node.
`$ uname -a`
`Linux user-pc 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC
2017 x86_64 x86_64 x86_64 GNU/Linux`
`$ tor --version`
`Tor version 0.2.9.11 (git-aa8950022562be76).`
(I will test 0.3.1, as recommended, next week when we have Bionic Beaver
Alpha 1... to avoid having to compile with Ubuntu chaintool I'm not so
familiar with... and because it has dependencies that are not in 16.04
-already tried!)
Here is the relevant tor snippet
`$ head /etc/tor/torrc`
`DNSPort 172.16.0.1:9053 IPv6Traffic`
`TransPort 172.16.0.1:9040`
`TransPort [fe80::10%vnet0]:9040`
`ClientUseIPv6 1`
`ClientPreferIPv6ORPort 1`
`ClientPreferIPv6DirPort 1`
Here is what I get from a machine connected to the router:
`$ curl 'http://ipv4.whatismyip.akamai.com'; echo; curl -g -H 'Host:
ifconfig.co' http://[2001:470:28:840::cafe:d00d]; echo "dig"; dig
ifconfig.co A ifconfig.co AAAA +short;`
`46.182.19.15`
`2607:5300:120:312::1:1`
`dig`
`188.113.88.193`
`$ !!`
`199.87.154.255`
`2a00:fc00:e000:b001::f4ee`
`dig`
`188.113.88.193`
`$ !!`
`5.254.112.154`
`2620:18c:0:1001::102`
`dig`
`188.113.88.193`
`2001:470:28:840::cafe:d00d`
`$ !!`
`197.231.221.211`
`2620:18c:0:1001::102`
`dig`
`188.113.88.193`
`$ !!`
`192.42.116.16`
`2604:8b40:1:3::1`
`dig`
`188.113.88.193`
`$ !!`
`185.220.101.16`
`2a03:f85:8::7`
`dig`
`188.113.88.193`
`2001:470:28:840::cafe:d00d`
''(changing exit between each repetition with a NEWNYM command)''
So, as you can see, both the ipv4 an the ipv6 stack work (first 2 curls of
the command line), no issue with that fortunately!
For ipv6 I have to force the ipv6 address since the DNS query not always
returns AAAA responses.
Depending on the exit host, we get AAAA responses... or not!
'''Question:''' how to make AAAA responses reliable?
''P.S.: from teor's response in my initial ill-worded ticket, I don't
think it is relevant to add 'IPv6Traffic' to TransPort. Indeed, when you
bind the TransPort to an ipv4 address you can't sen ipv6 there, and when
you bind to an ipv6 address, it is already for ipv6.
Even more, you can't do that: tor-0.2.9 rightfully complaining when you
add that to TransPort, whereas it is pleased (but has no effect!) when you
specify the option for DNSPort''
''P.S.2: You might have noticed the [fe80::10%vnet0] in my torrc, this is
not a bug, I am using my patched version that accepts binding to link-
local ipv6 addresses. #23819''
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24833>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list