[tor-bugs] #34004 [Core Tor/Tor]: Support for full DNS and DNSSEC resolution
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 26 09:22:57 UTC 2020
#34004: Support for full DNS and DNSSEC resolution
--------------------------+------------------------
Reporter: chrisss404 | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: DNS, DNSSEC | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------
Comment (by chrisss404):
I added the implementation here:
https://github.com/torproject/tor/pull/1869
For the DNS connections I introduced a new session group:
SESSION_GROUP_DNS_LOOKUP
https://github.com/torproject/tor/blob/153f81f340ea84bc5df7471b2d0a7bfbf3ad318c/src/core/or/or.h#L990
Then I setup the connection as follows:
dns_conn->entry_cfg.session_group = SESSION_GROUP_DNS_LOOKUP;
dns_conn->entry_cfg.isolation_flags = ISO_DEFAULT;
dns_conn->entry_cfg.ipv4_traffic = 1;
dns_conn->entry_cfg.ipv6_traffic = 1;
dns_conn->entry_cfg.dns_request = 0;
dns_conn->entry_cfg.onion_traffic = 1;
dns_conn->entry_cfg.use_cached_ipv4_answers = 0;
dns_conn->entry_cfg.use_cached_ipv6_answers = 0;
https://github.com/torproject/tor/blob/153f81f340ea84bc5df7471b2d0a7bfbf3ad318c/src/core/or/dns_resolver.c#L458
Can you please help me to determine if this approach is prone to
correlation attacks?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34004#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list