Discuss mailing list

[Peter Green <peter AT greenpete.free>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Thanks Quinn,

Surely if the TOR project wanted to add D.N.S. routing (in the way I'm thinking, to protect queries and personal choice of resolvers) they could? So maybe it'd be worth me contacting them. Or maybe I'm not quite grasping what you've said?

Peter 
- -- 
Wanged from my Kaiser by a mischievous pixie!

http://www.greenpete.co.uk/pgpkey.txt

woodq11 AT gmail.com wrote:

Ah. Tor doesn't actually route UDP traffic in general. Just TCP traffic.

As such, DNS lookups are done through a SOCKS proxy and passed to the exit
node, or via a special option in Tor, a DNS listener.

For the same reason, filesharing and some types of videoconferencing
applications (which are connectionless UDP by design) won't work securely with
Tor.

I block all UDP on my machine when using Tor, with the exception of port 53
which I redirect to Tor's DNS listener.

Hope that helps explain why, currently, what you're asking for isn't possible.
I suppose exit nodes could be configured to allow circuits to state DNS
servers to query, but I think that example would provide a security risk ala
DNS servers that responded with specially-designed arbitrary code overflows
etc. So it may not ever be possible.

<
 br
/>--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iQFBBAEBCAArBQJQWW7RJBxQZXRlciBHcmVlbiA8cGV0ZXJAZ3JlZW5wZXRlLmNv
LnVrPgAKCRDwSqngs+9nOfU9B/wI/sQlQv6prOGDchknRtmFoprupdNHOK+YcaI8
zEg3JEEPRp+M6rfXnMDx4o3nUf4vxuENufoTDkpIiykxUBeczyywkwTR/5YjLAjQ
cTl2NJ1iJnaUy3sEZRxtuY4ftAJ7sqv5EJMJdn1rF38IUpEIZI2zmDYdxB8KNiSQ
ey5z74zncAdHl4QMiAIbZioI8tCcZZ1TBIpR8FucYGKXkpV3xuVdOYhmrIN4tWYu
Y/mS/9I050R+MwI6o7+uH8AYrZIuejr9PT3pgN+KtinyuSCk8BJM0Zxd8N11WXXx
nO00NgUOPhnQPY17AmCASCoc1dZxk6SkJOnF5guEiXosiCb7
=p4DH
-----END PGP SIGNATURE-----