Tor & DNS Requests

Jason Holt jason at
Sun May 7 04:17:42 UTC 2006

On Thu, 4 May 2006, Roger Dingledine wrote:
> No. All Tor nodes, including nodes with an exit policy of reject
> *:*, are willing to do DNS resolves for people. Of course, clients
> will try to pick nodes that would allow their connection to exit,
> so they will tend to avoid using the reject *:* ones -- but when
> using our extension to socks to do dns resolves directly (see
> the Tor client is
> fine picking a reject-all node, since no traffic will actually be exiting.

I didn't realize that.  I set up an internal-only server because my 
organization didn't like where people were exiting to, but the way they were 
monitoring the network was by sniffing DNS requests.


More information about the tor-talk mailing list