Polipo and dnsUseGethostbyname - what is the best option and does it matter?

Matthew pumpkin at cotse.net
Thu Apr 8 15:24:06 UTC 2010


Hello,

The standard Polipo configuration file for Ubuntu located at 
https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf 
should replace the configuration file one downloads when Polipo is 
installed according to http://www.torproject.org/docs/tor-doc-unix.html.en.

The Polipo configuration from 
https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf 
says:

# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead. If you do that, Polipo will freeze during
# every DNS query:

dnsUseGethostbyname = yes

However, section 3.9 of the Polipo manual says:

Polipo usually tries to speak the DNS protocol itself rather than using
the system resolver. Its precise behaviour is controlled by the value of
dnsUseGethostbyname. If dnsUseGethostbyname is false, Polipo never uses
the system resolver. If it is reluctantly (the default), Polipo tries to
speak DNS and falls back to the system resolver if a name server could
not be contacted. If it is happily, Polipo tries to speak DNS, and falls
back to the system resolver if the host couldn’t be found for any reason
(this is not a good idea for shared proxies). Finally, if
dnsUseGethostbyname is true, Polipo never tries to speak DNS itself and
uses the system resolver straight away (this is not recommended).

Three questions:

First, since "yes" is not one of the four options listed in 3.9 what 
does this mean? I was using "yes" for many months without realizing it 
was not an option. How does Polipo use "yes"? Why is this in the config 
file?

Second, surely the best option is "false". That way even if there is a 
problem with Polipo's DNS it will not use the local DNS as listed in 
resolv.conf. Some people might say: put OpenDNS in resolv.conf. However, 
I am on an academic network which does not permit me to modify the DNS; 
changing resolv.conf means I have no connection. (I know about the 
dnsNameServer option but let's leave that for now).

Third, I always use Polipo with Tor. Even if dnsUseGethostbyname is set 
to "yes" or any of the four valid options does this matter? Are DNS 
requests passed through Polipo to Tor and then Tor does its DNS 
resolution (after the final exit node if I understand correctly?) so 
this setting in the configuration file is not important? Or does Polipo 
do the DNS resolution before traffic is passed on to Tor in which case 
the configuration file is crucial? In other words, when is DNS resolved 
when using Tor and Polipo?

Thanks.
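
The following is an added example, not part of the original message and not Polipo's own code: a small checker that reads a polipo.conf and classifies dnsUseGethostbyname against the four values listed in the section 3.9 excerpt quoted above. The function names `read_setting` and `audit` are hypothetical, the parsing is simplified, and the rule that the last assignment wins is an assumption.

```python
import re

# Behaviour of each value, paraphrased from the section 3.9 excerpt in the message.
DOCUMENTED = {
    "false": "never uses the system resolver",
    "reluctantly": "falls back to the system resolver if no name server could be contacted",
    "happily": "falls back to the system resolver if the host could not be found",
    "true": "always uses the system resolver",
}
DEFAULT = "reluctantly"  # stated as the default in the excerpt


def read_setting(conf_text, key="dnsUseGethostbyname"):
    """Return the last uncommented value assigned to key, or None if unset.

    Assumption: a later assignment overrides an earlier one.
    """
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        m = re.fullmatch(r"(\w+)\s*=\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip().strip('"')
    return value


def audit(conf_text):
    """Classify the setting as (effective value, status, note)."""
    value = read_setting(conf_text)
    if value is None:
        return DEFAULT, "default", DOCUMENTED[DEFAULT]
    if value not in DOCUMENTED:
        return value, "undocumented", "not one of the four values in section 3.9"
    status = "no-system-resolver" if value == "false" else "may-use-system-resolver"
    return value, status, DOCUMENTED[value]


# Constructed sample mirroring the lines quoted from the Tor polipo.conf.
SAMPLE = """\
# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead.
dnsUseGethostbyname = yes
"""

if __name__ == "__main__":
    for conf in (SAMPLE, "dnsUseGethostbyname = false\n", "# dnsUseGethostbyname = true\n"):
        print(audit(conf))
```

The checker only reports whether a value matches the quoted documentation; it does not say how Polipo itself interprets a value such as "yes".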

