[tor-dev] GSoC: Support all kinds of DNS queries
jeremyrand at airmail.cc
Sun Apr 2 03:22:58 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
> Hi everyone,
> I'm a Software Engineering master's student at TU Wien, Austria,
> with a recent focus on computer security and privacy issues. I am
> interested in participating in GSoC 2017, particularily in the
> task to support all kinds of DNS queries via Tor .
> I've seen the mailing list discussions of 2012 and read the
> resulting proposition 219 . What do you think, which parts of
> it (if any) would need to be adapted for DNS in 2017? My current
> impression is that not much has changed, particularily regarding
> DNSSEC support and deployment.
> As of now, the proposal looks fairly complete with few questions
> remaining, the biggest research task being how to utilize
> libunbound for query/response parsing and construction.
> Implementing the RELAY DNS cells then seems fairly
> straightforward. Unit/integration tests and some fuzzing would be a
> good idea. The problem of reducing DNSSEC roundtrips
> (serialization) to be investigated in a later phase, I would say.
> Is a separate AXFR tool still something that is desired? I have no
> experience with zone transfers -- can't the existing tooling just
> be used over a normal TCP conn through Tor?
> This project idea would make a good match to my thesis in
> progress, for which I am researching and evaluating
> privacy-improving DNS tools in the context of Tor (DNSCrypt,
> DNS-over-TLS) , inspired by the awesome paper on DNS correlation
> . For example, I recently built a SOCKS-to-SOCKS translator
> which allows to resolve hostnames using a resolver of choice, e.g.
> using DNSCrypt with TBB.
> Looking forward to hearing your thoughts, concerns and opinions!
> Best regards, Daniel
> IRC handle on OFTC: idealchain
(Thinking out loud.) It would be interesting to have some kind of
algorithm agility here. For example, a Tor client could send a
request for a Namecoin domain name, and the exit relay would return a
Namecoin merkle proof in the same way that it would return a DNSSEC
signature if were a DNS doman name.
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with PGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-dev