[tor-relays] dns request capitalization, tor and unbound

Tom van der Woerdt info at tvdw.eu
Sun Jul 3 13:54:03 UTC 2016


On 03/07/16 at 15:51, Zack Weinberg wrote:
> On Sun, Jul 3, 2016 at 9:25 AM, ajs124 <tor at ajs124.de> wrote:
>>
>> Afterwards, I noticed that most if not all the DNS requests are randomly capitalized.
>> Does this impact unbound's caching ability? My cache hit/miss ratio is around 1/5.
> 
> This is "0x20 encoding", see
> https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
> https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
> https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ .  It makes it
> harder for a MITM to spoof DNS responses.
> 
> It shouldn't affect unbound's ability to cache anything.  However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
> 
> zw

Without a cache, every connection takes a second longer to open. Unless
you send all DNS requests to Google, but I don't think that's ideal either.

In-memory caching of DNS is simply needed for Tor to work properly (and
besides, Tor has its own DNS cache as well).

Tom
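
An added illustration of the two points discussed in this thread (not code from Tor, unbound or any poster): a toy resolver whose cache key is case-folded, so randomly capitalized names still hit the same entry, and which only accepts an upstream answer that echoes the exact 0x20 case pattern it sent. The class, function names and sample addresses are assumptions made for the example, and TTL handling is left out.

```python
import secrets

def encode_0x20(qname):
    """Randomise the case (bit 0x20) of every ASCII letter in a query name."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isascii() and c.isalpha() else c
        for c in qname
    )

def cache_key(qname, qtype):
    """DNS names compare case-insensitively, so the key is case-folded."""
    return (qname.lower().rstrip("."), qtype)

class CachingResolver:
    """Toy resolver: case-insensitive cache in front of a 0x20-checked upstream."""

    def __init__(self, upstream):
        self.upstream = upstream  # callable(qname, qtype) -> (echoed_qname, answer)
        self.cache = {}
        self.hits = self.misses = self.rejected = 0

    def resolve(self, qname, qtype="A"):
        key = cache_key(qname, qtype)
        if key in self.cache:
            self.hits += 1
            return self.cache[key]
        self.misses += 1
        sent = encode_0x20(qname)
        echoed, answer = self.upstream(sent, qtype)
        if echoed != sent:  # case pattern not echoed exactly: treat as spoofed
            self.rejected += 1
            return None
        self.cache[key] = answer
        return answer

def honest_upstream(qname, qtype):
    # Constructed sample data; a real server copies the question name verbatim.
    return qname, "192.0.2.10"

def mismatched_upstream(qname, qtype):
    # Constructed reply whose question name does not match the case we sent.
    return qname.swapcase(), "203.0.113.66"

def demo():
    r = CachingResolver(honest_upstream)
    answers = [r.resolve(n) for n in ("wWw.ExAmPlE.cOm", "WWW.example.COM", "www.example.com.")]
    bad = CachingResolver(mismatched_upstream)
    return answers, (r.hits, r.misses), bad.resolve("www.example.com"), bad.rejected

if __name__ == "__main__":
    print(demo())
```
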

