On 07/17/2015 10:39 PM, Ralf Weber wrote:
>
> Am I right that there is leakage of dns requests with
> .onion TLDs? If so isn't that a bug in their software?
>
*** Almost:

1) .onion is not a TLD (sorry, I made the mistake myself to abuse TLD, although I had defined pTLD for that purpose--as in: pseudo-TLD, but for consistency we're using Special-Use Domain Name there)
2) yes, leakage of requests for .onion names to the DNS is one of the problems we're facing.
3) No, it's not a bug in the software, it's due to broken configurations of the local resolver and applications wrongly sending .onion requests to the DNS (e.g., Web browsers' pre-fetching feature)

> authoritative servers (who never would get a request for .onion anyway)
>
*** They could if there's no RFC to forbid it. Actually they could even with such a document, but other actors would then rightfully decline their non-NXDOMAIN response.

> This is the dnsop working group, so I'm not sure if I have
> to know TOR to participate here.
>
*** But to participate in a discussion related to Tor (not TOR), it's useful. I refrain from participating in discussions where I don't know what I'm talking about: I already have difficulties with the topics I think I master. That said, participating is the best way to learn :)

> I'm ok with .onion being a special name, but we should just do
> that by normal DNS mechanism. What's wrong with answering REFUSED?
>
*** Refused does not mean that you're dealing with a non-existent name (3 Name Error), especially one that is NOT in DNS. It means that the server refused to perform the request, but does not inform you of the "specialness" of this particular .onion Special-Use Domain Name (RFC 6761).

> Answering NXDomain is much harder in a DNSSEC world.
>
*** Well, Tor is not in the DNSSEC world, it's not even in the DNS world, that's the point of Name Error in that case, and of the draft in question.

Regards,

==
hk

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
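
An added example, not part of the original message or of any resolver's own code: a minimal Python sketch of the behaviour the reply argues for, where a resolver answers queries under .onion itself with Name Error (RCODE 3) instead of forwarding them to the DNS. The function names and the sample query names are constructed for illustration.

```python
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035); REFUSED would be RCODE 5

def build_query(name, qid=0x1234, qtype=1):
    """Build a one-question DNS query (RD set) for a constructed test name."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (lower-cased qname, offset just past the first question)."""
    labels, i = [], 12
    while msg[i] != 0:
        n = msg[i]
        if n & 0xC0:  # compression pointers do not belong in a query's question
            raise ValueError("unexpected label type in question")
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    return ".".join(labels), i + 1 + 4  # skip root label, QTYPE, QCLASS

def is_onion(qname):
    """True only for 'onion' itself or names whose last label is 'onion'."""
    return qname == "onion" or qname.endswith(".onion")

def answer_locally(msg):
    """NXDOMAIN response for .onion queries; None means 'resolve as usual'."""
    qname, end = parse_question(msg)
    if not is_onion(qname):
        return None
    qid, flags = struct.unpack("!HH", msg[:4])
    # QR=1, keep opcode and RD from the query, set RA, RCODE=3
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | NXDOMAIN
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + msg[12:end]

def rcode(resp):
    """Extract the 4-bit RCODE from the low byte of the flags field."""
    return resp[3] & 0x0F

if __name__ == "__main__":
    # Constructed names: two under .onion, one that only contains the label.
    for name in ("constructedexample.onion", "WWW.Constructed.ONION.",
                 "onion.example.com"):
        resp = answer_locally(build_query(name))
        print(name, "->",
              "forward" if resp is None else f"local RCODE {rcode(resp)}")
```

The match is on the final label only, so a name such as onion.example.com is still resolved normally, and no query for a .onion name leaves the host.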