Discussion:
[tor-dev] lets make 'working DNS' an exit flag requirement
nusenu
2018-07-11 16:37:00 UTC
Permalink
I'd like to see 'working DNS' as a requirement for the exit flag.

If there are no major objections and if I'm able to find
someone to implement it I'd like to proceed with writing
a small proposal.

Would anyone be willing to implement it in tor?



https://trac.torproject.org/projects/tor/ticket/26691
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Nathaniel Suchy
2018-07-11 16:45:54 UTC
Permalink
I'm going to state my support for it here. I'm not a developer however I
agree all exits should provide DNS from a local resolver (Unbound or
similar) to get the exit flag.
Post by nusenu
I'd like to see 'working DNS' as a requirement for the exit flag.
If there are no major objections and if I'm able to find
someone to implement it I'd like to proceed with writing
a small proposal.
Would anyone be willing to implement it in tor?
https://trac.torproject.org/projects/tor/ticket/26691
--
https://twitter.com/nusenu_
_______________________________________________
tor-dev mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
nusenu
2018-07-11 16:54:00 UTC
Permalink
Post by Nathaniel Suchy
I'm going to state my support for it here. I'm not a developer however I
agree all exits should provide DNS from a local resolver (Unbound or
similar) to get the exit flag.
just to be clear:
the proposal would not require any specific DNS configuration it would simply
require the exit to not fail to many DNS resolution attempts.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
meejah
2018-07-11 17:08:12 UTC
Permalink
Post by nusenu
I'd like to see 'working DNS' as a requirement for the exit flag.
If there are no major objections and if I'm able to find
someone to implement it I'd like to proceed with writing
a small proposal.
Would anyone be willing to implement it in tor?
This would be a feature for scanners, not little-t-tor itself, right?
--
meejah
nusenu
2018-07-11 17:25:00 UTC
Permalink
Post by meejah
Post by nusenu
Would anyone be willing to implement it in tor?
This would be a feature for scanners, not little-t-tor itself, right?
the test would be performed by tor in the dir auth role (like other tests
performed by dir auths)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
nusenu
2018-07-11 21:07:00 UTC
Permalink
there is a great ticket about solving this problem via self-checks:
https://trac.torproject.org/projects/tor/ticket/24014

exits will disable exiting once they realize they fail at doing DNS.

I believe it will cover most if not all of current problems,
lets check again once this is implemented and deployed.

would be nice to have that in tor 0.3.5
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Loading...