List:       gnupg-users
Subject:    Re: [HowTo] use gpg2.1 with an onion service
From:       Guilhem Moulin <guilhem () fripost ! org>
Date:       2015-09-19 15:53:54
Message-ID: 20150919155354.GA28000 () localhost

On Thu, 17 Sep 2015 at 13:56:51 +0200, Werner Koch wrote:
> To add this flag I need to find documentation on how to route DNS
> requests via tor.  A simple AAAA record lookup is not sufficient.

Unfortunately this doesn't seem to be possible currently, since at the
end of the circuit creation the exit node replies with a single IP and
TTL [0].  (Tor is TCP-only, hence not suitable to route DNS packets; DNS
resolution is left to the SOCKSv5 server [the tor client], which in turn
delegates it to the exit node.)

There is a proposed amendment to the Tor protocol [1] to support full
DNS (and DNSSEC) resolution, but the proposal is still sketchy and has
never been implemented.

-- 
Guilhem.

[0] https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt section 6.2
[1] https://gitweb.torproject.org/torspec.git/tree/proposals/219-expanded-dns.txt
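An added illustration, not part of the original message: a parser for the RELAY_CONNECTED reply body that reference [0] describes, showing that the reply has room for exactly one address and one TTL and nothing else a DNS answer could carry. The byte layout is an assumption based on a reading of tor-spec section 6.2, and the function name and sample payloads are constructed for this example.

```python
import ipaddress
import struct
from typing import NamedTuple, Union


class Connected(NamedTuple):
    address: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
    ttl: int  # seconds the address may be cached


def parse_relay_connected(payload: bytes) -> Connected:
    """Parse a RELAY_CONNECTED body (layout assumed from tor-spec 6.2).

    IPv4 form: address[4] ttl[4]
    IPv6 form: zero[4] type=6[1] address[16] ttl[4]
    """
    if len(payload) < 8:
        raise ValueError("payload too short for an address and a TTL")
    if payload[:4] != b"\x00\x00\x00\x00":
        (ttl,) = struct.unpack("!I", payload[4:8])
        return Connected(ipaddress.IPv4Address(payload[:4]), ttl)
    # Four zero octets announce the IPv6 form.
    if len(payload) < 25:
        raise ValueError("truncated IPv6 form")
    if payload[4] != 6:
        raise ValueError(f"unexpected address type {payload[4]}")
    (ttl,) = struct.unpack("!I", payload[21:25])
    return Connected(ipaddress.IPv6Address(payload[5:21]), ttl)


# Constructed sample payloads (documentation address ranges, made-up TTLs).
SAMPLE_V4 = ipaddress.IPv4Address("192.0.2.10").packed + struct.pack("!I", 300)
SAMPLE_V6 = (
    b"\x00" * 4
    + b"\x06"
    + ipaddress.IPv6Address("2001:db8::1").packed
    + struct.pack("!I", 60)
)

if __name__ == "__main__":
    for sample in (SAMPLE_V4, SAMPLE_V6):
        result = parse_relay_connected(sample)
        # One address, one TTL: no record type, no record set, no signatures.
        print(f"{result.address} ttl={result.ttl}s")
```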
