[tor-dev] DNS/DNSSEC resolving in Tor (PoC implementation)

[Nick Mathewson]

On Mon, Jan 30, 2012 at 1:34 AM, Roger Dingledine <arma at mit.edu> wrote:
> So it looks like Tor would get two new libraries linked in, and exit
> relays would inherit whatever security/stability issues libunbound has
> since clients can basically hand them packets that they have to parse
> and deal with.

FWIW, I'm okay thinking about adding new library dependencies so long
as the libraries are portable enough; libunbound and ldns have a
reasonably good reputation.  (And our friends at NLnet labs probably
wouldn't mind another bunch of users.)

I believe that as we add dnssec support, we are going to cross the
threshold of stuff we'd be willing to clone ourselves, since writing
our own dnssec code would be absurd.

-- 
Nick