Tor & DNS Requests
Jason Holt
jason at lunkwill.org
Sun May 7 04:17:42 UTC 2006
On Thu, 4 May 2006, Roger Dingledine wrote:
> No. All Tor nodes, including nodes with an exit policy of reject
> *:*, are willing to do DNS resolves for people. Of course, clients
> will try to pick nodes that would allow their connection to exit,
> so they will tend to avoid using the reject *:* ones -- but when
> using our extension to socks to do dns resolves directly (see
> http://tor.eff.org/cvs/tor/doc/socks-extensions.txt) the Tor client is
> fine picking a reject-all node, since no traffic will actually be exiting.
I didn't realize that. I set up an internal-only server because my
organization didn't like where people were exiting to, but the way they were
monitoring the network was by sniffing DNS requests.
-J
More information about the tor-talk
mailing list