[tor-talk] Who controls Tor's DNS Traffic?

grarpamp grarpamp at gmail.com
Mon May 14 16:13:02 UTC 2018


On Mon, May 14, 2018 at 1:46 AM, Roger Dingledine <arma at mit.edu> wrote:
> On Fri, May 11, 2018 at 03:08:54AM +0500, Roman Mamedov wrote:
>> "Level 3" on the charts is most likely the notorious 4.2.2.2...4.2.2.6.
>> Those absolutely should not be used, aside from all the other reasons outlined
>> in the article, they also hijack NXDOMAIN results for monetization of the user.
>
> For this particular issue, Tor has a feature where it tries to resolve a
> few nonsense domains, and if they work, it remembers the IP addresses that
> were returned, and whenever it sees those, it treats them as NXDOMAIN.
>
> https://gitweb.torproject.org/tor.git/tree/src/or/dns.c?h=tor-0.3.3.5-rc#n1771
>
> So I agree that DNS resolvers that try to sell you encyclopedias are
> evil, but also Tor has some rudimentary defenses against them. :)

So when user / researcher / whatever else not for Tor to say,
wants to see the truth about encyclopedias on the internet,
Tor censors them. Yeah, not good.

Exits shutting themselves down upon analysis of assault upon their own
expected clearnet connection is reasonable (and various tests and counters
are handy there, though perhaps a bit naive to expect a domain redirection
attack via DNS servers would go to the same IPs as wildcard advertising,
instead of simply being different IPs than expected).

Censoring jacked NXDOMAIN back to users isn't, certainly not without user
option, as would be any other filter in their end where it belongs (other
than for tor-resolve queries which can be both, this probably needs
done via cell bits).

Further, hiding this evil will allow it to fester and grow on the global
internet by blinding users who might otherwise discover, learn about it,
where it is coming from, get pissed off, and rise and protest against it
so that it goes away for real.
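
Added example, not part of the original message and not Tor's code: a simplified Python model of the defence described in the quoted text (probe nonsense names, remember the addresses returned, treat later answers carrying those addresses as NXDOMAIN), and of the limitation raised in the reply, where a redirect to a different address is not caught. The resolvers, the ".invalid" probe names and the documentation-range addresses are all constructed for illustration.

```python
import random
import string

# Constructed sample data: documentation-range addresses, not real servers.
AD_SERVER = "203.0.113.10"            # where the hijacking resolver sends NXDOMAIN
REAL_ZONE = {"example.org": "198.51.100.7"}


def honest_resolver(name):
    """Return the address for name, or None for NXDOMAIN."""
    return REAL_ZONE.get(name)


def hijacking_resolver(name):
    """Rewrite every NXDOMAIN into an answer pointing at AD_SERVER."""
    return REAL_ZONE.get(name, AD_SERVER)


def redirecting_resolver(name):
    """Hijacks NXDOMAIN and also redirects one real name to another address."""
    if name == "example.org":
        return "203.0.113.66"
    return hijacking_resolver(name)


def learn_hijack_addresses(resolve, rng, probes=3):
    """Resolve a few nonsense names; any address that comes back is suspect."""
    seen = set()
    for _ in range(probes):
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(16))
        answer = resolve(label + ".invalid")
        if answer is not None:
            seen.add(answer)
    return seen


def filtered_resolve(resolve, hijack_addresses, name):
    """Treat any answer equal to a remembered hijack address as NXDOMAIN."""
    answer = resolve(name)
    return None if answer in hijack_addresses else answer


if __name__ == "__main__":
    rng = random.Random(0)
    for resolver in (honest_resolver, hijacking_resolver, redirecting_resolver):
        learned = learn_hijack_addresses(resolver, rng)
        for name in ("example.org", "no-such-host.example"):
            print(resolver.__name__, name,
                  filtered_resolve(resolver, learned, name))
```
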

