-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

I have a few questions about how the Tor network handles DNS lookup requests that I couldn't find answers to in any of the documentation I went through, so hopefully I can find an answer here.

1) It is clear that the Tor network only handles TCP traffic and not UDP, which is, of course, what standard DNS lookup requests use (UDP). So, when directing DNS lookup requests into the Tor network (whether by setting the network.proxy.socks_remote_dns flag in Firefox or using Privoxy or whatever), is the application or proxy (Firefox or Privoxy, in this example) handing the DNS lookup request to the Tor client using TCP already, or does the Tor client translate the UDP DNS lookup request into a TCP DNS lookup request before passing it to the first OR (entry node)?

2) Once the DNS lookup request reaches the exit node, does the exit node perform a standard UDP DNS lookup using its configured nameservers, or does it do it using a TCP DNS lookup?

3) Is it necessary to allow traffic to port 53 in the exit policy of an OR in order for that OR to perform DNS lookups on behalf of client requests? I know that common sense appears to suggest that this is so, but I couldn't find anything in the documentation stating if DNS lookups are just something all exit nodes handle automatically and by default, or if only exit nodes configured to allow outbound traffic to port 53 allow them. Furthermore, depending on what the answer to question number 2 is, one might think that allowing outbound traffic to port 53 in an exit policy is only necessary if the operator wants to allow TCP connections to port 53, since that is, of course, the case with every other port you could put in an exit policy (TCP-ONLY).

Any clarification would be appreciated. If I wasn't clear on any of the questions, please feel free to let me know, and I'll try to do a better job explaining. Thank you.

Best regards,
Joe Kowalski
PGP Key ID: 0xA96A2EE0

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkRabp0ACgkQQ4RaO6lqLuDFiwCaAx+gRctNSaWVShdVAw3niZ7wmhoA
n2NeAo2n3AVpXYSn+UxPXz7/oyhT
=j381
-----END PGP SIGNATURE-----

