From: Steven Murdoch <Steven.Murdoch@cl.cam.ac.uk>
In-Reply-To: <1403807918.66732.YahooMailNeo@web122404.mail.ne1.yahoo.com>
Date: Fri, 27 Jun 2014 12:48:27 +0100
Message-Id: <CCD34AB1-E857-4144-95CE-E2145CF4C9E5@cl.cam.ac.uk>
References: <1403807918.66732.YahooMailNeo@web122404.mail.ne1.yahoo.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] How does DNS work with .onion addresses?

On 26 Jun 2014, at 19:38, Bobby Brewster <bobbybrewster203@yahoo.com> wrote:
> I know that when the TBB connects to a 'normal' .com or .org or whatever address then the DNS resolution is done by the exit node.  There is no need anymore (not for several years now) for the client to set up DNS manually (as used to be the case with Polipo or Privoxy).
> 
> However, how does DNS work for .onion?  I assume that each exit node understands how to route traffic for all .onion addresses? How does it know how to direct the client request?

For .onion addresses, DNS is not used. Your Tor client receives a SOCKS connect request for a .onion address and recognises it as a hidden service request. Your Tor client then performs the hidden-service rendezvous procedure, including looking up the current introduction point in the hidden service distributed hash table (as your traffic never leaves the Tor network, there's no exit node involved).

> Is it possible for DNS to leak with .onion?

Yes. If your browser is misconfigured then the DNS request will go out to your OS's configured DNS server, then likely out to your ISP, then likely out to one of the root name servers. Assuming nobody is being malicious, you'll get an error message that the domain name doesn't exist but someone eavesdropping on you will know that you wanted to go to that hidden service. If someone is being malicious they could return the wrong IP address and your browser will connect to it.

There are people who survey DNS, and they report that there are quite a lot of requests for .onion. Some of these are people clicking on .onion links without Tor, but some could be the result of DNS leaks.

Best wishes,
Steven
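
Added example, not part of the original message and not Tor's own code: the SOCKS5 CONNECT request that hands a hostname to the proxy unresolved (the form the Tor client needs in order to recognise a .onion name), a guard that refuses to pass such names to the OS resolver, and a scan of resolver query logs for .onion lookups that leaked. The dnsmasq-style log lines, the function names and the .onion name are constructed for illustration.

```python
import re
import struct

def is_onion(name: str) -> bool:
    """True for any name under the .onion pseudo-TLD (trailing dot and case ignored)."""
    return name.rstrip(".").lower().endswith(".onion")

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) carrying the hostname itself (ATYP 0x03), so the
    proxy sees the name and no local DNS lookup happens. Greeting/auth step omitted."""
    label = host.rstrip(".").encode("ascii")
    if not 0 < len(label) <= 255:
        raise ValueError("hostname length must be 1..255 bytes")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain), length-prefixed name, port
    return b"\x05\x01\x00\x03" + bytes([len(label)]) + label + struct.pack("!H", port)

def guard_local_resolve(name: str) -> str:
    """Call before any OS-resolver lookup: refuse names that must never reach DNS."""
    if is_onion(name):
        raise ValueError(f"refusing local DNS lookup for {name!r}")
    return name

# Assumed log format (dnsmasq style): "... query[A] name from client"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def find_onion_leaks(log_lines):
    """Return (client, qtype, name) for every logged query under .onion."""
    leaks = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and is_onion(m["name"]):
            leaks.append((m["client"], m["qtype"], m["name"].rstrip(".").lower()))
    return leaks

# Constructed sample log; the .onion name is made up for illustration.
SAMPLE_LOG = [
    "Jun 27 12:00:01 dnsmasq[812]: query[A] www.torproject.org from 192.168.1.20",
    "Jun 27 12:00:07 dnsmasq[812]: query[A] exampleexample22.onion from 192.168.1.31",
    "Jun 27 12:00:07 dnsmasq[812]: query[AAAA] ExampleExample22.ONION. from 192.168.1.31",
    "Jun 27 12:00:09 dnsmasq[812]: reply www.torproject.org is 192.0.2.10",
]

if __name__ == "__main__":
    for client, qtype, name in find_onion_leaks(SAMPLE_LOG):
        print(f"leak: {client} asked {qtype} {name}")
    print(socks5_connect_request("exampleexample22.onion", 80).hex())
```

Any .onion name that shows up in a recursive resolver's query log was sent by a client that tried to resolve it locally instead of passing it to Tor, so every hit from the scan is a leak worth tracing back to the client.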
 

