[tor-talk] Building Petnames with DNSSEC...?
Jérémy Bobbio
lunar at debian.org
Sun Jun 3 07:16:11 UTC 2012
On Sat, Jun 02, 2012 at 04:12:04PM -0300, Jacob Appelbaum wrote:
> So the question is - how should this practically work? Should a user be
> able to dynamically register foo.petnames.tld and have it resolve to one
> or more .onions as CNAME that point somewhere or nowhere? If somewhere,
> where? Furthermore, should we ensure that a .onion can publish a petname
> somewhere, so we can do forward the reverse lookup? I think that would
> allow for some useful properties.
CNAME records are probably not the best fit. `.onion` addresses do not
resolve to IP addresses. Imagine an RR like:

    tor.petnames.tld. IN CNAME idnxcnkne4qt76tg.onion.

If a resolver performs an A query for `tor.petnames.tld.`, any
unmodified resolver would try (and fail) with NXDOMAIN. Because it would
try to perform an A query against `idnxcnkne4qt76tg.onion.` which is
doomed to fail.
My previous research on putting hidden service addresses in DNS records
led me to think that using TXT records within a specific prefix would
be the easiest solution. Something like:

    _onion.tor.petnames.tld. IN TXT "idnxcnkne4qt76tg"

Cheers,
--
Jérémy Bobbio .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
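
Added example, not part of the original message: a Python sketch of the client-side lookup for the `_onion.` TXT scheme proposed above, run over constructed zone-style answer lines. The function names and the rule of accepting only 16-character base32 labels (the form of the address in the post) are assumptions.

```python
import re

# Assumption: only labels shaped like the post's example are accepted,
# i.e. 16 base32 characters (a-z, 2-7).
ONION_LABEL = re.compile(r"[a-z2-7]{16}")
PREFIX = "_onion."  # prefix label taken from the record proposed in the post

# Matches 'owner [ttl] IN TXT "data"' in zone-file presentation format.
TXT_LINE = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+"([^"]*)"\s*$')


def query_name(petname):
    """Name a client queries for TXT records, e.g. _onion.tor.petnames.tld."""
    return PREFIX + petname.rstrip(".").lower() + "."


def parse_txt_line(line):
    """Return (owner, data) for a TXT line, or None for any other record."""
    m = TXT_LINE.match(line.strip())
    return (m.group(1).lower(), m.group(2)) if m else None


def lookup_onions(petname, answer_lines):
    """Return the validated .onion names published for petname."""
    wanted = query_name(petname)
    onions = []
    for line in answer_lines:
        parsed = parse_txt_line(line)
        if parsed is None or parsed[0] != wanted:
            continue  # not a TXT record for the prefixed name (e.g. a CNAME)
        label = parsed[1].strip().lower()
        if ONION_LABEL.fullmatch(label):  # drop malformed record data
            onions.append(label + ".onion")
    return onions


# Constructed sample answers: one valid record, one with malformed data,
# one for a different petname, and the CNAME form the post argues against.
SAMPLE = [
    '_onion.tor.petnames.tld. IN TXT "idnxcnkne4qt76tg"',
    '_onion.tor.petnames.tld. IN TXT "not-an-onion-label"',
    '_onion.other.petnames.tld. IN TXT "aaaaaaaaaaaaaaaa"',
    'tor.petnames.tld. IN CNAME idnxcnkne4qt76tg.onion.',
]

if __name__ == "__main__":
    print(lookup_onions("tor.petnames.tld", SAMPLE))
```

The TXT data is only as trustworthy as the DNS answer carrying it, which is why the thread pairs the idea with DNSSEC; this sketch does not perform signature validation.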