"router get by nickname" on request to dir server appears to be failing

Roger Dingledine arma at mit.edu
Mon Mar 5 02:10:11 UTC 2007


On Sun, Mar 04, 2007 at 05:57:17PM -0800, Michael_google gmail_Gersten wrote:
> But if I'm only talking to domain.com, not any of the subsites, then
> my DNS request only goes to the TLD server.
> 
> And, if I'm not running a full resolver -- if I just send my request
> to a single recursive server that returns my address -- then the DNS
> request as seen by the world is from that other DNS server, not from
> me.
> 
> In both of these two cases, I do not see any privacy leak concern. Am
> I missing one, or are these cases actually safe? And, if so, can that
> warning message get disabled?

One of the big privacy concerns is that your DNS queries get sent out
in the clear to anybody who's watching your network connection. Tor can
protect against an attacker watching your network connection, but not if
you tell him each of your destinations before you (anonymously) go there.

> Yes, I know that DNS lookup improvements are coming. Right now I'd be
> happy with some sort of "Only resolve DNS at this list of hosts"
> rather than "resolve DNS at any host in the world". Because I'm
> finding that I can't trust all of them.

If you find specific Tor nodes that are consistently bad with their DNS
answers, please let us know and we'll contact the operators to get them
to fix it (or assign the BadExit flag to them if that doesn't work).

Thanks,
--Roger


