Roger Dingledine arma at mit.edu
Tue Oct 1 23:09:43 UTC 2002

On Tue, Oct 01, 2002 at 06:21:47PM -0400, Sven Dietrich wrote:
> > Interestingly enough, I have a feeling that encrypted DNS would more or
> > less do (all domains have approximately the same length).
> Hmm, that would still be susceptible to the attack outlined
> above.

It's also susceptible to the "the adversary is the server" attack --
if ibm.com is wondering who's toring to it, and they observe a dns
request followed by a tor request, they have a good first guess.

The approach I think we're planning with the socksified nameserver is
to do the actual dns queries over a separate tor connection.

But deploying a socksified nameserver along with tor, or a nameserver as
Nick's post describes, is going to be a pain. Most users have a variety
of ns configurations, etc, and we'd need to handle all of that. Even if
we say "well, most of them use bind, so let's just patch that to be able
to query over socks", we're still leaving lots of people out. And adding
a world of pain to tor maintenance.

If we had something in the kernel to redirect packets, we could just
tell it that udp and tcp port 53 should go to our process. We're still
trying to avoid that approach, though, because it's also a world of pain.

The way tsocks does it is to replace the res_init() function with one
that does normal resolver initialization, and then does
  "_res.options |= RES_USEVC;".
The goal is to encourage it to use tcp rather than udp, and thus tsocks
can intercept the normal connect(), etc calls from within gethostbyname().

It looks like it works sometimes, and not other times. Not sure yet. I'll
investigate it further when I have a free moment.
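
The res_init() replacement described in the message, as an added example that is not part of the original post and is not tsocks code. It assumes a glibc-style resolver; the helper names are hypothetical. It also shows that the flag lives in one resolver state, so code that initializes its own state with res_ninit() does not inherit it.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper: normal resolver initialization, then request
 * TCP ("virtual circuit") transport on the default state, _res. */
int res_init_force_tcp(void)
{
    int rc = res_init();        /* reads resolv.conf, fills in _res */
    _res.options |= RES_USEVC;  /* the line quoted in the message */
    return rc;
}

/* 1 if the default resolver state is flagged to use TCP. */
int default_state_uses_tcp(void)
{
    return (_res.options & RES_USEVC) != 0;
}

/* Initializes a private resolver state with res_ninit() and reports its
 * RES_USEVC flag. With force == 0 this reflects only what resolv.conf or
 * the environment set: the flag placed on _res above is not carried over. */
int private_state_uses_tcp(int force)
{
    struct __res_state st;
    int on;

    memset(&st, 0, sizeof st);
    if (res_ninit(&st) != 0)
        return -1;
    if (force)
        st.options |= RES_USEVC;
    on = (st.options & RES_USEVC) != 0;
    res_nclose(&st);
    return on;
}

int main(void)
{
    printf("res_init rc: %d\n", res_init_force_tcp());
    printf("_res uses TCP: %d\n", default_state_uses_tcp());
    printf("private state, untouched: %d\n", private_state_uses_tcp(0));
    printf("private state, forced: %d\n", private_state_uses_tcp(1));
    return 0;
}
```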

