hi all,
saw an open item in the tor projects, about dns and other resource
record types. this got me thinking about
just trying to understand Tor and DNS.
from what I gather so far, Tor and dns is only about "a" records and
quad records "", that's pretty much it.
i think PTR also but j
On 03/12/2012 07:08 PM, Nick Mathewson wrote:
> On Sat, Mar 10, 2012 at 9:22 AM, Ondrej Mikle wrote:
>>
>> 1. Design
>>
>> 1.1 New cells
>>
>> There will be two new cells, RELAY_DNS_BEGIN and RELAY_DNS_RESPONSE (we'll
>> use DNS_BEGIN and DNS_RESPONSE for short below).
>>
>> DNS_BEGIN payload:
On Sat, Mar 10, 2012 at 9:22 AM, Ondrej Mikle wrote:
> Hi all,
>
> the DNS/DNSSEC resolving draft for seems to be finished.
Hi, Ondrej! I've got a few questions and comments. I might have more
once I've thought a little more about the issues on this.
> I added a few thoughts on mitigating cir
On 03/10/2012 03:22 PM, Ondrej Mikle wrote:
>
> The draft is here (full text pasted at the end of this mail):
>
> https://github.com/hiviah/torspec/blob/master/proposals/ideas/xxx-dns-dnssec.txt
Just a quick fix, I've noticed I have two sections named "Implementation notes".
s/9. Implementation
Hi all,
the DNS/DNSSEC resolving draft for seems to be finished.
I added a few thoughts on mitigating circuit correlation (mentioned in proposal
171). Somebody could look at those if they are not totally stupid (last two
paragraphs of section 7).
A note is added about the "DNSSEC stapling" [1] (
Hi,
I've updated the Tor DNS/DNSSEC draft from what was said in this thread. Short
summary of changes:
- drop IDs (use StreamID), drop length from DNS_RESPONSE, keep just uint16_t
total_length
- separate tool for AXFR so that server can be specified
- validation always on client side by default
-
On 02/10/2012 08:20 AM, Jakob Schlyter wrote:
> On 7 feb 2012, at 22:08, Ondrej Mikle wrote:
>
>> 1. full packet might leak identifying information about OS or resolver used,
>> quoting Nick:
>>> There are parts of a DNS packet that we wouldn't want
>>> to have the Tor client make up. For example
On 7 feb 2012, at 22:08, Ondrej Mikle wrote:
> 1. full packet might leak identifying information about OS or resolver used,
> quoting Nick:
>> There are parts of a DNS packet that we wouldn't want
>> to have the Tor client make up. For example, DNS transaction IDs
>> would need to avoid collision
On 02/09/2012 10:58 PM, Ondrej Mikle wrote:
> On 02/09/2012 12:24 AM, Jacob Appelbaum wrote:
>> On 02/08/2012 11:47 PM, Ondrej Mikle wrote:
>>> On 02/08/2012 02:59 AM, Nick Mathewson wrote:
>>>> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
>>>>
>>>> I think if we want an extra field i
On 02/09/2012 12:24 AM, Jacob Appelbaum wrote:
> On 02/08/2012 11:47 PM, Ondrej Mikle wrote:
>> On 02/08/2012 02:59 AM, Nick Mathewson wrote:
>>> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
>>>
>>> I think if we want an extra field in the future, we want to put it
>>> after the end of the
On 02/08/2012 11:47 PM, Ondrej Mikle wrote:
> On 02/08/2012 02:59 AM, Nick Mathewson wrote:
>> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
>>
>> I think if we want an extra field in the future, we want to put it
>> after the end of the response (that is, after total_len), rather than
>> ha
On 02/08/2012 09:09 AM, Peter Palfrader wrote:
> On Tue, 07 Feb 2012, Nick Mathewson wrote:
>
>> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
>>> On 02/07/2012 07:18 PM, Nick Mathewson wrote:
>>>> Like Jakob, I'm wondering why there isn't any support for setting flags.
>>>
>>> See my respo
On 02/08/2012 02:59 AM, Nick Mathewson wrote:
> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
>
> I think if we want an extra field in the future, we want to put it
> after the end of the response (that is, after total_len), rather than
> having it be optionally in every cell.
OK.
>> That
On Tue, 07 Feb 2012, Nick Mathewson wrote:
> On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
> > On 02/07/2012 07:18 PM, Nick Mathewson wrote:
> >> Like Jakob, I'm wondering why there isn't any support for setting flags.
> >
> > See my response to Jakob. I don't think it's worth to use anythi
On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle wrote:
> On 02/07/2012 07:18 PM, Nick Mathewson wrote:
>> part of the relay cell header should already fulfill this role, if I'm
>> understanding the purpose of "ID" correctly.
>
> You're understanding the purpose correctly. I thought that more request
On 02/07/2012 07:18 PM, Nick Mathewson wrote:
> On Sat, Feb 4, 2012 at 10:38 PM, Ondrej Mikle wrote:
>> First draft is ready here:
>>
>> https://github.com/hiviah/torspec/blob/master/proposals/ideas/xxx-dns-dnssec.txt
>
> Some initial comments:
>
>> DNS_BEGIN payload:
>>
>>RR type (2 octet
On 02/07/2012 03:18 PM, Jakob Schlyter wrote:
>
> I may have missed parts of the previous discussion, but why are you not
> encapsulating the whole DNS request from the client? Various flags and other
> options (e.g. EDNS0) would be quite useful to be able to transport across the
> TOR network.
On Sat, Feb 4, 2012 at 10:38 PM, Ondrej Mikle wrote:
> On 02/01/2012 10:01 AM, Jacob Appelbaum wrote:
>>
>> That sounds good. I'll wait for the first draft and send feedback.
>
> First draft is ready here:
>
> https://github.com/hiviah/torspec/blob/master/proposals/ideas/xxx-dns-dnssec.txt
Cool!
Ondrej,
I may have missed parts of the previous discussion, but why are you not
encapsulating the whole DNS request from the client? Various flags and other
options (e.g. EDNS0) would be quite useful to be able to transport across the
TOR network.
jakob
On 02/01/2012 10:01 AM, Jacob Appelbaum wrote:
>
> That sounds good. I'll wait for the first draft and send feedback.
First draft is ready here:
https://github.com/hiviah/torspec/blob/master/proposals/ideas/xxx-dns-dnssec.txt
Hopefully I reflected all the main points made in the DNS threads. Th
On 01/31/2012 03:29 PM, Nick Mathewson wrote:
> On Tue, Jan 31, 2012 at 6:20 PM, Jacob Appelbaum wrote:
>> On 01/31/2012 06:42 AM, Nick Mathewson wrote:
>>> On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>>>>
>>>> I think that seems OK. I think the first step is a proposal,
>>>
>>>
On Tue, Jan 31, 2012 at 6:20 PM, Jacob Appelbaum wrote:
> On 01/31/2012 06:42 AM, Nick Mathewson wrote:
>> On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>>>
>>> I think that seems OK. I think the first step is a proposal,
>>
>> Anybody volunteering for this, or should I throw it on my
On 01/31/2012 06:42 AM, Nick Mathewson wrote:
> On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>>
>> I think that seems OK. I think the first step is a proposal,
>
> Anybody volunteering for this, or should I throw it on my pile?
I think it might make sense for you, me and Ondrej to wr
On Tue, Jan 31, 2012 at 4:22 PM, Ondrej Mikle wrote:
> On 01/31/2012 03:42 PM, Nick Mathewson wrote:
>> On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>>>
>>> I think that seems OK. I think the first step is a proposal,
>>
>> Anybody volunteering for this, or should I throw it on my pil
On 01/31/2012 03:42 PM, Nick Mathewson wrote:
> On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>>
>> I think that seems OK. I think the first step is a proposal,
>
> Anybody volunteering for this, or should I throw it on my pile?
I volunteer for writing the proposal.
Ondrej
On Tue, Jan 31, 2012 at 1:08 AM, Jacob Appelbaum wrote:
>
> I think that seems OK. I think the first step is a proposal,
Anybody volunteering for this, or should I throw it on my pile?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists
On 01/30/2012 06:07 PM, Ondrej Mikle wrote:
> On 01/30/2012 11:18 AM, Jacob Appelbaum wrote:
>> On 01/30/2012 01:09 AM, Christian Grothoff wrote:
>>>
>>> In summary, I think begin_dns is a good idea, but I'm not sure you need
>>> to then talk TCP to the nameserver -- UDP ought to suffice.
>>>
>>
>>
On 01/30/2012 11:18 AM, Jacob Appelbaum wrote:
> On 01/30/2012 01:09 AM, Christian Grothoff wrote:
>>
>> In summary, I think begin_dns is a good idea, but I'm not sure you need
>> to then talk TCP to the nameserver -- UDP ought to suffice.
>>
>
> I think begin_dns is a good idea as well.
Seconded
On Mon, Jan 30, 2012 at 1:59 AM, Roger Dingledine wrote:
> On Thu, Jan 19, 2012 at 05:13:19PM -0500, Nick Mathewson wrote:
>> But I think the right design is probably something like allowing
>> clients to request more DNS info via exit nodes' nameservers, and get
>> more info back. We should think
On 01/30/2012 01:09 AM, Christian Grothoff wrote:
> On 01/30/2012 07:59 AM, Roger Dingledine wrote:
>> On Thu, Jan 19, 2012 at 05:13:19PM -0500, Nick Mathewson wrote:
>>> But I think the right design is probably something like allowing
>>> clients to request more DNS info via exit nodes' nameserver
On 01/30/2012 07:59 AM, Roger Dingledine wrote:
> On Thu, Jan 19, 2012 at 05:13:19PM -0500, Nick Mathewson wrote:
>> But I think the right design is probably something like allowing
>> clients to request more DNS info via exit nodes' nameservers, and get
>> more info back. We should think of ways to do thi
On Thu, Jan 19, 2012 at 05:13:19PM -0500, Nick Mathewson wrote:
> But I think the right design is probably something like allowing
> clients to request more DNS info via exit nodes' nameservers, and get
> more info back. We should think of ways to do this that avoid extra
> round trips, but that sh
Hi,
Ondrej Mikle wrote (21 Jan 2012 01:47:56 GMT) :
> So far I've seen ttdnsd used only in Tails, TorDNSd was seen
> mentioned only in the Tor mailing lists (not sure how many
> individuals may be using it though).
> ttdnsd: kind of works, unless validation is required (ttdnsd fails
> as unbound
On 01/19/2012 11:13 PM, Nick Mathewson wrote:
> On Thu, Jan 19, 2012 at 7:39 AM, Linus Nordberg wrote:
>> Hi,
>>
>> After some interesting discussions irl last week with knowledgeable DNS
>> and security people (hi Jakob) I'd like to hear from people involved
>> with DNS in Tor what current status
On Thu, Jan 19, 2012 at 7:39 AM, Linus Nordberg wrote:
> Hi,
>
> After some interesting discussions irl last week with knowledgeable DNS
> and security people (hi Jakob) I'd like to hear from people involved
> with DNS in Tor what current status is and what needs to be done.
>
> More specifically,
Hi,
After some interesting discussions irl last week with knowledgeable DNS
and security people (hi Jakob) I'd like to hear from people involved
with DNS in Tor what current status is and what needs to be done.
More specifically, what's the status of ttdnsd and TorDNSd? Are they
being used? Any
36 matches