[tor-dev] DNS/DNSSEC resolving in Tor (PoC implementation)

Nick Mathewson nickm at alum.mit.edu
Tue Jan 31 15:04:21 UTC 2012

On Mon, Jan 30, 2012 at 1:34 AM, Roger Dingledine <arma at mit.edu> wrote:
> So it looks like Tor would get two new libraries linked in, and exit
> relays would inherit whatever security/stability issues libunbound has
> since clients can basically hand them packets that they have to parse
> and deal with.

FWIW, I'm okay thinking about adding new library dependencies so long
as the libraries are portable enough; libunbound and ldns have a
reasonably good reputation.  (And our friends at NLnet labs probably
wouldn't mind another bunch of users.)

I believe that as we add dnssec support, we are going to cross the
threshold of stuff we'd be willing to clone ourselves, since writing
our own dnssec code would be absurd.


More information about the tor-dev mailing list