On Thu, 17 Sep 2015 at 13:56:51 +0200, Werner Koch wrote:
> To add this flag I need to find documentation on how to route DNS
> requests via tor. A simple AAAA record lookup is not sufficient.

Unfortunately this doesn't seem to be possible currently, since at the end of the circuit creation the exit node replies with a single IP and TTL [0]. (Tor is TCP-only, hence not suitable to route DNS packets; DNS resolution is left to the SOCKSv5 server [the tor client], which in turn delegates it to the exit node.)

There is a proposed amendment to the Tor protocol [1] to support full DNS (and DNSSEC) resolution, but the proposal is still sketchy and has never been implemented.

-- 
Guilhem.

[0] https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt section 6.2
[1] https://gitweb.torproject.org/torspec.git/tree/proposals/219-expanded-dns.txt
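
The SOCKSv5 side of the delegation described in the message above, as an added example that is not part of the original post or of GnuPG or Tor code: the client sends the hostname itself (address type 0x03) so no local DNS query is made, and the reply has room for exactly one address. The command code 0xF0 is the RESOLVE command from Tor's SOCKS extensions; that a RESOLVE reply uses the standard SOCKS5 reply layout is assumed here, and the sample reply bytes are constructed.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
CMD_TOR_RESOLVE = 0xF0  # Tor SOCKS extension: resolve a name, open no stream
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_request(cmd, hostname, port=0):
    """Build a SOCKS5 request that carries the hostname (ATYP 0x03).

    The name travels to the proxy unresolved, so the local resolver is
    never consulted and resolution happens at the far end of the circuit.
    """
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    header = bytes([SOCKS_VERSION, cmd, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + struct.pack("!H", port)


def parse_reply(reply):
    """Return (status, address) from a SOCKS5 reply.

    The layout is VER REP RSV ATYP ADDR PORT: a single address field,
    with no way to carry several records or any other DNS record type.
    """
    if len(reply) < 4 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    status, atyp = reply[1], reply[3]
    if status != 0x00:
        return status, None  # proxy reported a failure, no address present
    size = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if size is None:
        raise ValueError("unexpected address type 0x%02x" % atyp)
    if len(reply) != 4 + size + 2:
        raise ValueError("truncated or oversized reply")
    return status, ipaddress.ip_address(reply[4:4 + size])


if __name__ == "__main__":
    print(build_request(CMD_TOR_RESOLVE, "example.org").hex())
    # Constructed reply: success, IPv4 192.0.2.7 (documentation range), port 0
    sample = bytes([5, 0, 0, ATYP_IPV4, 192, 0, 2, 7, 0, 0])
    print(parse_reply(sample))
```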
