[tor-bugs] #26042 [Core Tor/Tor]: Add a new option "RouteDNSTraffic" to prevent noobs from insecure way to use Tor.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 8 05:56:36 UTC 2018


#26042: Add a new option "RouteDNSTraffic" to prevent noobs from insecure way to
use Tor.
------------------------------+--------------------
     Reporter:  cypherpunks   |      Owner:  (none)
         Type:  task          |     Status:  new
     Priority:  High          |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
------------------------------+--------------------
 RouteDNSTraffic 1
 (default: 1, enabled.)


 Analyzed my exit node's traffic, I noticed many users is sending DNS
 traffic over Tor, expecially targeting 8.8.8.8.

 Tor itself should reroute the tcp port 53 request to TorDNS system
 to prevent linking.

 https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
 https://lists.torproject.org/pipermail/tor-relays/2016-May/009255.html


 Before:
 User === Tor ----- Tor node ---> 8.8.8.8

 After:
 User === Tor[ --reroute-to-TorDNS-system ]<--->Tor node

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26042>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list