Hey Jeremy, On 2020/05/15 15:53, Jeremy Rand wrote: > FYI I already wrote a Prop279 provider that looks up the names via DNS > (it's aptly named "dns-prop279"); it does pretty much exactly what you > describe. It doesn't handle DNSSEC validation itself (it assumes that > you've specified a DNS server that you trust -- most likely one running > on localhost). Stream isolation can be handled via an EDNS0 field (and > I'm guessing it would not be difficult to patch an existing DNS server > to respect that EDNS0 field). I wouldn't be surprised if it's easy to > make dns-prop279 do DNSSEC validation itself (and not use a > localhost-based DNS server) if that's desired -- the library it uses > (miekg/dns) does claim to support DNSSEC validation, though I've never > tried testing that feature.
Very interesting. I think proposal #279 only tries to solve the subset of name look ups, which is about looking up onions from a human name. The work in this thread is to replace all name lookups *except* for Onions. It could very well be that it would be easier to extend proposal #279 by having it handle all lookups and not just for .onion's, but I think my intuition says that it should be two different systems as onion lookups is still a much more open question whereas Tor will need to support ordinary DNS for many years into the future. If `OnionNamePlugin` allowed you to specify `.*` for "everything" as the TLD specifier, then it might be possible to implement such system using proposal #279 :-) All the best, Alex. -- Alexander Færøy _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
