TOR on Academic networks (problem)

Peter Palfrader peter at
Wed May 17 13:33:09 UTC 2006

On Wed, 17 May 2006, Michael Holstein wrote:

> >You are hurting the Tor network more than you realize.  You are lying to
> >clients and clients cache that answer.  Don't do this.
> I've tested this before, and since the /etc/hosts entry refers to an 
> address which is blocked by *all* TOR servers default exit policy, it 
> just says "requested exit node will deny your request".
> Do they still cache the DNS answer?

The reject cell includes the resolved IP address.  This answer is

> Would it be better to block them by allowing a (legitimate) DNS lookup, 
> and then null-routing the IP space involved?


> Doing *nothing* is NOT an option here.

Add them to your exit policy.  If that turns out to be too long (more
than just a couple of lines), make your exit policy rejects broader,
even if that means rejecting *:80.
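
Added illustration, not part of the original message: the advice above written as torrc ExitPolicy lines. The address ranges are documentation placeholders, not the networks discussed in this thread. The exit policy is published in the relay's descriptor, so clients can see what the relay will refuse.

```conf
# Option 1: reject only the specific destinations.
# 192.0.2.0/24 and 198.51.100.0/24 are placeholder ranges (assumption).
# Rules are evaluated in order and the first match wins, so these
# rejects must come before any accept rule that would also match.
ExitPolicy reject 192.0.2.0/24:*
ExitPolicy reject 198.51.100.0/24:80

# Option 2: if the list of rejects grows too long, reject more broadly,
# here every exit connection to port 80.
ExitPolicy reject *:80

# In either case, the relay's remaining accept/reject rules follow here.
```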

