[tor-talk] Building Petnames with DNSSEC...?

Jérémy Bobbio lunar at debian.org
Mon Jun 4 14:40:22 UTC 2012


On Sun, Jun 03, 2012 at 10:30:13PM -0400, Nathan Freitas wrote:
> On 06/03/2012 09:30 PM, Jacob Appelbaum wrote:
> > That does indeed seem like a better idea. We'll need to use something
> > like unbound anyway, so we can use TXT records all the same, I guess.
> 
> Why not use SRV records?
> 
> if this was the
> _xmpp-client._tcp.foo.com. 82698 IN	SRV	10 0 5222 foo.com.
> _xmpp-server._tcp.foo.com. 86400 IN	SRV	10 0 5269 foo.com.
> 
> _onion-service._tcp.foo.com. 86400 IN	SRV	10 0 8888 xxxx.onion
> 
> or even this might be a good way to advertise onion based xmpp services:
> 
> _xmpp-client-onion._tcp.foo.com. 86400 IN	SRV	10 0 5222 xxxx.onion.

It will not work for the same reason. Quoting RFC 2782:

   Target
        The domain name of the target host.  There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181).

.onion addresses do not map to IP addresses. So resolvers are likely to
give you an NXDOMAIN answer.

-- 
Jérémy Bobbio                        .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
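
The RFC 2782 Target rule quoted above, as an added example that is not part of the original message: an offline check over constructed zone data that flags SRV records whose target is an alias or has no address records. The `foo.com` address record and the `alias.foo.com` CNAME are made up for the example, `xxxx.onion` is the placeholder from the thread, and all names are treated as absolute.

```python
# Constructed sample zone data (192.0.2.10 is a documentation address).
ZONE = """\
foo.com.                     86400 IN A     192.0.2.10
alias.foo.com.               86400 IN CNAME foo.com.
_xmpp-client._tcp.foo.com.   82698 IN SRV   10 0 5222 foo.com.
_xmpp-server._tcp.foo.com.   86400 IN SRV   10 0 5269 alias.foo.com.
_onion-service._tcp.foo.com. 86400 IN SRV   10 0 8888 xxxx.onion.
"""

def norm(name):
    """Case-insensitive comparison form of a domain name, trailing dot removed."""
    return name.lower().rstrip(".")

def parse_zone(text):
    """Return (owner, type, rdata fields) for each 'owner ttl IN type rdata' line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # not a record line in the simple layout used here
        records.append((norm(fields[0]), fields[3].upper(), fields[4:]))
    return records

def check_srv_targets(text):
    """Map each SRV owner name to 'ok' or the reason its target breaks RFC 2782."""
    records = parse_zone(text)
    has_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = {}
    for owner, rtype, rdata in records:
        if rtype != "SRV" or len(rdata) != 4:
            continue
        target = norm(rdata[3])  # rdata is: priority weight port target
        if target == "":
            findings[owner] = "service not available (target is '.')"
        elif target in aliases:
            findings[owner] = "target is an alias (CNAME)"
        elif target not in has_addr:
            findings[owner] = "target has no address records"
        else:
            findings[owner] = "ok"
    return findings

if __name__ == "__main__":
    for name, verdict in check_srv_targets(ZONE).items():
        print(f"{name}: {verdict}")
```
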