[tor-bugs] #28955 [Applications/Orbot]: should Orbot include DNS forwarder backed by DNS-over-TLS

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 1 01:56:29 UTC 2019


#28955: should Orbot include DNS forwarder backed by DNS-over-TLS
--------------------------------+-----------------------
 Reporter:  eighthave           |          Owner:  n8fr8
     Type:  defect              |         Status:  new
 Priority:  Medium              |      Milestone:
Component:  Applications/Orbot  |        Version:
 Severity:  Normal              |     Resolution:
 Keywords:                      |  Actual Points:
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
--------------------------------+-----------------------

Comment (by pege):

 This is probably something that should be supported by Tor itself rather
 than Orbot since it affects anything using Tor, not just Orbot and
 applications that use it to connect to the Tor network.

 I'm generally in favor but there are a few things to consider:

 * This is going to increase latency. Tor supports specifying a DNS as
 target in SOCKS5 in which case the exit node does a DNS lookup (lower
 latency). Also, it allows sending data before the DNS name is resolved,
 decreasing latency again, but only if DNS resolution is made remotely. If
 DNS over TLS is used, this won't be possible without another request to
 the DNS server first. Exits doing a lookup without them learning the DNS
 name is probably not possible.
 * Tor Browser and all other applications using TLS still leak that
 information without [https://blog.cloudflare.com/esni/ ESNI] being enabled
 browser and server-side (not in Firefox stable AFAIK).
 * There need to be enough independent services offering DNS-over-TLS to
 make sure blocking of Tor exit nodes by a single or a few providers won't
 break Tor.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28955#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
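
Added example (not part of the ticket and not Tor or Orbot code): the first point in the comment above concerns the SOCKS5 address type. This sketch encodes a CONNECT request per RFC 1928 and shows that a hostname travels as address type 0x03 for the far side to resolve, while an IP literal means the client already resolved the name itself, for instance through a DNS-over-TLS round trip. The function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4  # RFC 1928 address types


def build_connect_request(host: str, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request (RFC 1928, section 4)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0])  # VER, CMD, RSV
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself so the proxy side
        # (for Tor, the exit node) performs the lookup.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # IP literal: the name was resolved before the request was built.
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return header + addr + struct.pack("!H", port)


def client_resolved_locally(request: bytes) -> bool:
    """True if the request carries an IP literal instead of a hostname."""
    if len(request) < 4 or request[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    atyp = request[3]
    if atyp not in (ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6):
        raise ValueError("unknown address type")
    return atyp != ATYP_DOMAIN


if __name__ == "__main__":
    # Constructed sample targets (documentation name and address range).
    for target in ("example.com", "192.0.2.10"):
        req = build_connect_request(target, 443)
        print(target, req.hex(), "local lookup:", client_resolved_locally(req))
```
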

