Andrei Serjantov aas23 at hermes.cam.ac.uk
Tue Oct 1 21:41:04 UTC 2002

> > What is the current proposal on how to do DNS? I take it Mozilla does it
> > before anything else and thus reveals the hostname to the outside world at
> > the moment?
> That is correct.
> The current proposal is to modify all applications to use socks4a or to
> pass the hostname to the socks server rather than resolve it first. And
> that's not a very good proposal.

Why not (I have no clue as to what socks4a does)? Would the hostname not
get resolved at the last OR then? Isn't that what we want?
Ok, so the reason why you don't like it is that every application needs to
be modified, right?

> makes no sense. But though we can just do "tsocks ssh arma at moria" now,
> 'moria' gets resolved. In my particular case I know the IP, so I can do
> "tsocks ssh arma at" perfectly safely. But that's probably
> not a good general solution either.

No, not a good general solution :-))

> One possible approach is to distribute a socksified bind (or equivalent),
> so people run a local nameserver that knows how to query over tor.

Yes.... That might be best, although it is certainly heavyweight.
Interestingly enough, I have a feeling that encrypted DNS would more or
less do (all domains have approximately the same length).
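
An added example, not part of the original message: what the quoted SOCKS4a proposal changes on the wire. Plain SOCKS4 carries an IPv4 address the client has already looked up, while SOCKS4a sets the address field to the marker 0.0.0.x (x nonzero) and appends the hostname, so no local DNS query is needed. The function names, the `resolved_by` field, and the sample host and address are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1

def build_socks4(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: the client has already resolved the name to IPv4."""
    header = struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
    return header + ipaddress.IPv4Address(ip).packed + userid + b"\x00"

def build_socks4a(hostname: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: DSTIP is the invalid marker 0.0.0.1 and the
    hostname follows the user id, so the client never resolves it."""
    header = struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
    marker = bytes([0, 0, 0, 1])
    return header + marker + userid + b"\x00" + hostname.encode("ascii") + b"\x00"

def parse_request(data: bytes) -> dict:
    """Parse a SOCKS4/4a CONNECT request and report who resolved the name."""
    if len(data) < 9:
        raise ValueError("request too short")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != SOCKS_VERSION or command != CMD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT request")
    dstip = data[4:8]
    end_user = data.find(b"\x00", 8)
    if end_user < 0:
        raise ValueError("unterminated user id")
    # 0.0.0.x with x != 0 can never be a real destination: it flags SOCKS4a.
    if not (dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0):
        return {"variant": "socks4", "port": port, "resolved_by": "client",
                "target": str(ipaddress.IPv4Address(dstip))}
    end_host = data.find(b"\x00", end_user + 1)
    if end_host <= end_user + 1:
        raise ValueError("missing or unterminated hostname")
    host = data[end_user + 1:end_host].decode("ascii")
    return {"variant": "socks4a", "port": port, "resolved_by": "proxy",
            "target": host}

if __name__ == "__main__":
    # Constructed sample values: documentation address and example domain.
    for req in (build_socks4("192.0.2.10", 22), build_socks4a("example.com", 22)):
        print(req.hex(), parse_request(req))
```

A request that parses as `socks4` means the application did its own lookup before contacting the proxy, which is the leak discussed in the quoted text.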


