Message-ID: <53D96702.3050901@gmail.com>
Date: Wed, 30 Jul 2014 23:43:30 +0200
From: Ondrej Mikle <ondrej.mikle@gmail.com>
To: tor-talk@lists.torproject.org
References: <3BC96F3B-44DB-4EE4-810B-C19E7D9097FC@fikuart.com>
In-Reply-To: <3BC96F3B-44DB-4EE4-810B-C19E7D9097FC@fikuart.com>
Subject: Re: [tor-talk] Tor DNS

Hi,

On 07/30/2014 01:43 PM, Mike Fikuart wrote:
> I am aware that there is a Project Idea (under
> https://www.torproject.org/getinvolved/volunteer.html.en#improvedDnsSupport)
> point q. Improved DNS support for Tor;

I am the author of the proposal 219.

If you want DNS, you can make it work today via a tunnel with Unbound. One
sample howto: https://labs.nic.cz/page/993/ - DNSSEC is optional

> however has there been any exploration or development of a fully fledged
> DNS system for Tor

I have spent more than half a year trying to make it work. Most time spent was
due to DNSSEC and especially its latency - it is quite easy to have 20
roundtrips for one DNS request because of CNAME and DNAME. Which can take 5-20
seconds - incurring seemingly "random" errors (from the user's point of view).

On a good day with a good circuit and "heated cache" you can get an average of
~3 secs to resolve a request.

> that could give human readable names to hidden services?

This is not a good idea for many reasons. I'm not up-to-date with the latest
rendezvous protocol, but AFAIK the DNS request would be sent from a different
exit node than the nodes used for rendezvous - which would in turn make
correlation attacks easier.

> If further consideration is given to also pursuing the registration of the
> .onion domain as a TLD, this could also open further publicity and revenue
> for the Tor Project. The domain auctions for .tv and .co raised
> significant revenue for the Tuvalu and Colombian countries not to mention
> the managing organisations.

A TLD costs $150k USD as "down payment" and requires additional infrastructure
to support the gTLD, which is not cheap. There are much better ways to
spend the resources.


> Has any of this been looked at previously or are there reasons why this is
> not being pursued?

DNS being 30+ years old has incredibly many special cases. There are
quick-and-dirty implementations but that's probably not what one would want
with anonymity software.

Ondrej
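
A simplified model of the round-trip count mentioned in the message above, as an added example that is not part of the original message or of any Tor code: it lists the queries a cold-cache validating stub would send for a CNAME chain, one round trip per query. The names, zone layout and hop limit are constructed assumptions; DNAME and NSEC lookups are not modelled.

```python
MAX_CNAME_HOPS = 8  # assumed limit, so a looping chain fails instead of spinning

# Constructed sample data: name -> (zone apex holding it, CNAME target or None).
RECORDS = {
    "www.example.com.": ("example.com.", "www.example.net."),
    "www.example.net.": ("example.net.", "www.example.org."),
    "www.example.org.": ("example.org.", "edge.cdn.test."),
    "edge.cdn.test.": ("cdn.test.", None),  # final A record
}
# Constructed delegation tree: zone apex -> parent zone apex.
ZONE_PARENT = {
    "example.com.": "com.", "com.": ".",
    "example.net.": "net.", "net.": ".",
    "example.org.": "org.", "org.": ".",
    "cdn.test.": "test.", "test.": ".",
}


def validation_queries(qname, records, zone_parent):
    """Return the ordered (name, type) queries needed to resolve and validate qname."""
    sent, seen = [], set()

    def ask(name, rtype):
        # Anything fetched once is cached for the rest of this resolution.
        if (name, rtype) not in seen:
            seen.add((name, rtype))
            sent.append((name, rtype))

    hops = 0
    while qname is not None:
        hops += 1
        if hops > MAX_CNAME_HOPS:
            raise ValueError("CNAME chain too long or looping")
        zone, target = records[qname]
        ask(qname, "A")  # response carries the A or CNAME RRset plus its RRSIG
        # Build the chain of trust from this zone up to the root trust anchor.
        while zone is not None:
            ask(zone, "DNSKEY")
            if zone != ".":
                ask(zone, "DS")  # DS is served by the parent zone
            zone = zone_parent.get(zone)
        qname = target
    return sent


if __name__ == "__main__":
    queries = validation_queries("www.example.com.", RECORDS, ZONE_PARENT)
    for name, rtype in queries:
        print(f"{rtype:7s}{name}")
    print(len(queries), "round trips on a cold cache")
```

Each additional CNAME hop into a new signed zone adds its own DNSKEY and DS fetches, which is how a single lookup grows to roughly 20 sequential round trips through the circuit.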

