[tor-talk] Who controls Tor's DNS Traffic?

Roger Dingledine arma at mit.edu
Mon May 14 05:46:24 UTC 2018


On Fri, May 11, 2018 at 03:08:54AM +0500, Roman Mamedov wrote:
> "Level 3" on the charts is most likely the notorious 4.2.2.2...4.2.2.6.
> Those absolutely should not be used, aside from all the other reasons outlined
> in the article, they also hijack NXDOMAIN results for monetization of the user.

For this particular issue, Tor has a feature where it tries to resolve a
few nonsense domains, and if they work, it remembers the IP addresses that
were returned, and whenever it sees those, it treats them as NXDOMAIN.

https://gitweb.torproject.org/tor.git/tree/src/or/dns.c?h=tor-0.3.3.5-rc#n1771

So I agree that DNS resolvers that try to sell you encyclopedias are
evil, but also Tor has some rudimentary defenses against them. :)

--Roger
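
The probe-and-remember defense described above, sketched as an added example (not part of the original message and not Tor's dns.c code). The resolver callables, the HijackFilter name and the sample addresses are constructed assumptions; a real lookup function would be passed in as `resolve`.

```python
import secrets
import string

def random_hostname(tld="com", length=16):
    """Build a nonsense name that should not exist in real DNS."""
    label = "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))
    return f"{label}.{tld}"

class HijackFilter:
    """Learn which IPs a resolver returns for nonsense names, then treat
    any later answer containing one of them as NXDOMAIN.
    Hypothetical helper for illustration; simplified, not Tor's logic."""

    def __init__(self, resolve, probes=3):
        self.resolve = resolve      # callable: name -> list of IPs, [] means NXDOMAIN
        self.probes = probes
        self.bogus = set()

    def learn(self):
        # An honest resolver answers NXDOMAIN for every probe, so bogus stays empty.
        for _ in range(self.probes):
            self.bogus.update(self.resolve(random_hostname()))
        return self.bogus

    def lookup(self, name):
        addrs = self.resolve(name)
        # Assumption: one remembered address in the answer taints the whole answer.
        if any(a in self.bogus for a in addrs):
            return []
        return addrs

# Constructed sample data: documentation-range addresses, not real hosts.
REAL_ZONE = {"example.org": ["203.0.113.5"]}
AD_SERVER = "192.0.2.10"

def honest_resolver(name):
    return list(REAL_ZONE.get(name, []))

def hijacking_resolver(name):
    # Rewrites NXDOMAIN into the address of a monetized search page.
    return list(REAL_ZONE.get(name, [AD_SERVER]))

if __name__ == "__main__":
    f = HijackFilter(hijacking_resolver)
    print("remembered:", f.learn())
    print("example.org ->", f.lookup("example.org"))
    print("typo-domain.example ->", f.lookup("typo-domain.example"))
```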


