Hi,

On 07/30/2014 01:43 PM, Mike Fikuart wrote:
> I am aware that there is a Project Idea (under
> https://www.torproject.org/getinvolved/volunteer.html.en#improvedDnsSupport)
> point q. Improved DNS support for Tor;

I am the author of the proposal 219. If you want DNS, you can make it work today via a tunnel with Unbound. One sample howto:

https://labs.nic.cz/page/993/ - DNSSEC is optional

> however has there been any exploration or development of a fully fledged
> DNS system for Tor

I have spent more than half a year trying to make it work. Most time spent was due to DNSSEC and especially its latency - it is quite easy to have 20 roundtrips for one DNS request because of CNAME and DNAME. Which can take 5-20 seconds - incurring seemingly "random" errors (from the user's point of view). On a good day with good circuit and "heated cache" you can get average ~3 secs to resolve a request.

> that could give human readable names to hidden services?

This is not a good idea for many reasons. I'm not up-to-date with the latest rendezvous protocol, but AFAIK the DNS request would be sent from different exit node than the nodes used for rendezvous - which would in turn make correlation attacks easier.

> If further consideration is given to also pursuing the registration of the
> .onion domain as a TLD, this could also open further publicity and revenue
> for the Tor Project. The domain auctions for .tv and .co raised
> significant revenue for the Tuvalu and Colombian countries not to mention
> the managing organisations.

TLD costs $150k USD as "down payment" and requires additional infrastructure to support the gTLS which is not cheap. There are much better ways how to spend the resources.

> Has any of this been looked at previously or are there reasons why this is
> not being pursued?

DNS being 30+ years old has incredibly many special cases. There are quick-and-dirty implementations but that's probably not what one would want with anonymity software.

Ondrej