Daniel Achleitner daniel.achleitner at gmail.com
Wed Mar 29 22:30:41 UTC 2017

Hi everyone,

I'm a Software Engineering master's student at TU Wien, Austria, with a
recent focus on computer security and privacy issues. I am interested in
participating in GSoC 2017, particularly in the task to support all
kinds of DNS queries via Tor [1].

I've seen the mailing list discussions of 2012 and read the resulting
proposition 219 [2]. What do you think, which parts of it (if any) would
need to be adapted for DNS in 2017? My current impression is that not
much has changed, particularly regarding DNSSEC support and deployment.

As of now, the proposal looks fairly complete with few questions
remaining, the biggest research task being how to utilize libunbound for
query/response parsing and construction. Implementing the RELAY DNS
cells then seems fairly straightforward. Unit/integration tests and some
fuzzing would be a good idea. The problem of reducing DNSSEC roundtrips
(serialization) is to be investigated in a later phase, I would say.

Is a separate AXFR tool still something that is desired? I have no
experience with zone transfers -- can't the existing tooling just be
used over a normal TCP conn through Tor?

This project idea would make a good match to my thesis in progress, for
which I am researching and evaluating privacy-improving DNS tools in the
context of Tor (DNSCrypt, DNS-over-TLS) [3], inspired by the awesome
paper on DNS correlation [4]. For example, I recently built a
SOCKS-to-SOCKS translator which allows resolving hostnames using a
resolver of choice, e.g. using DNSCrypt with TBB.

Looking forward to hearing your thoughts, concerns and opinions!

Best regards,

IRC handle on OFTC: idealchain

[1]: https://www.torproject.org/getinvolved/volunteer.html.en#supportAllDNS
[3]: My work-in-progress mindmap about DNS Privacy (not related to prop219):
[4]: https://nymity.ch/dns-traffic-correlation/tor-dns.pdf

