> "Alexander Janssen" wrote:
> Hi,
>
> On 1/9/07, herfel [...] wrote:
> > [... redirecting DNS-traffic to TOR via iptables ...]
>
> have a look at trans-proxy-tor and dns-proxy-tor, both available from
> http://p56soo2ibjkx23xo.onion/ . I haven't looked into it yet, your
> mileage may vary.

Where did you get that quote from? I don't think I wrote that, I certainly didn't mean that. Sorry for the confusion if my question was unclear.

This is about a Tor server that's currently running with reject */*. I could accept port 53 (dns), but only if it was ok to force-redirect everything to my own dns-server. (Or simplified: I do not want people to send arbitrary tcp-traffic out of my port 53; but I would be ok with answering regular old DNS queries.)

For the large majority of users that wouldn't be a problem. However, certain people might be annoyed or [theoretically] harmed if they are doing very specific things (see my original post), when they think they are talking to a specific DNS server but actually are not. Or in case they want to use port 53 for something else.

So I am interested if there is a certain "ethical" policy to follow when running a tor-node that says "never touch traffic, even if it's with good intent" or "never say you accept exit-traffic on a port, unless you are willing to pass through all traffic on that port without modification". And if there is no such policy/ethical-code, I'd be interested in hearing opinions whether such behaviour would be considered good or bad.

> Drop us a line if it's working, I was thinking about using that for my
> public hotspot. It's next to impossible to run an open Wifi-network in
> Germany without being frightened to get sued because of
> copyright-violations or something...

I haven't tried that specific script, but I am using a similar setup with openvpn elsewhere. It's certainly doable and not terribly complex.

> "Ringo Kamens" wrote:
> I don't know the technicals of DNS but it sounds like a great idea to
> me. One of the major problems tor faces (IMHO) is DNS resolution which
> isn't perfect.

I don't know which specific kinds of problems you refer to, but technically there are no hurdles to what I want to do.

If in fact there is a bottleneck in exit-nodes that handle dns-resolution, then my approach may be interesting to other middleman nodes that have local dns-servers, or dns-caches, and help increase that number. But like I said, I have no idea if that is actually a real problem. (And the above question remains whether it would be considered ok.)

Regards
Herfel
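The setup Herfel describes (accept port 53 on the exit, but force every port-53 stream onto the operator's own resolver so no arbitrary TCP traffic leaves on that port), as an added example that is not code from the thread or from the Tor project. It assumes Tor runs as the hypothetical user `debian-tor` and that a resolver listens on 127.0.0.1:53 over both TCP and UDP; set `IPT=echo` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original thread). Tor exit streams are TCP only,
# so the TCP rule is what stops arbitrary port-53 streams leaving the node;
# Tor's own lookups use the system resolver (/etc/resolv.conf) over UDP, which
# the second rule keeps on the local resolver as well.
# Hypothetical values: TOR_UID (the uid Tor runs as), RESOLVER_PORT, IPT.
TOR_UID="${TOR_UID:-debian-tor}"
RESOLVER_PORT="${RESOLVER_PORT:-53}"
IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of applying them

# nat/OUTPUT rules matched on the Tor uid only: locally generated packets from
# Tor to any host:53 are redirected to the resolver on this box. Clients of the
# exit that expected a specific remote resolver get this one's answers instead,
# which is exactly the behaviour the thread asks whether an operator should
# advertise.
dns_redirect_rules() {
    $IPT -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" \
        -p tcp --dport 53 -j REDIRECT --to-ports "$RESOLVER_PORT"
    $IPT -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" \
        -p udp --dport 53 -j REDIRECT --to-ports "$RESOLVER_PORT"
}

# The torrc exit policy that goes with the rules: port 53 is the only port
# advertised as exitable; everything else stays rejected as before.
exit_policy_lines() {
    printf 'ExitPolicy accept *:53\n'
    printf 'ExitPolicy reject *:*\n'
}

# Check to run after applying: the nat/OUTPUT chain must hold both REDIRECT
# rules for the Tor uid, otherwise port 53 must not be accepted in torrc.
redirect_rules_present() {
    n=$($IPT -t nat -S OUTPUT 2>/dev/null \
        | grep -- "--uid-owner $TOR_UID" | grep -c 'REDIRECT --to-ports')
    [ "$n" -eq 2 ]
}
```

Apply with `dns_redirect_rules` as root, then `redirect_rules_present && exit_policy_lines >> /etc/tor/torrc` only when the check passes.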

