On Sun, 25 Mar 2007 12:22:12 -0700 Matt Ghali <[EMAIL PROTECTED]> wrote:
>On Sun, 25 Mar 2007, Joseph B. Kowalski wrote:
>
>> On Sun, 25 Mar 2007 03:20:10 -0700 Pei Hanru <[EMAIL PROTECTED]> wrote:
>>
>>> A small issue. When I query the DNSBL server for my slow,
>>> middleman only (reject *:*) server, it returns 127.0.0.2.
>>> Is it a good idea to include non-exit Tor servers in this
>>> list?
>>>
>>
>> Yes, since when you are performing the first type of query,
>> you are simply asking whether an IP address is an active
>> Tor server or not, of any kind. Now, if anyone wanted to
>> see if your Tor server would exit to their location or not,
>> they could perform the second type of query (See my
>> original post for details on the two query types, if
>> necessary), which, in your case, would always return
>> NXDOMAIN since you don't allow any exiting.
>
> Please consider returning a different A record for the first
> query type to allow differentiation between exit nodes and
> middlemen. Returning 127.0.0.2 for exit nodes and 127.0.0.3
> for middleman nodes will allow sendmail dnsbl configurations
> to easily do the 'right' thing.

Hi Matto,

Differentiation between exit nodes and middlemen is exactly what the first query type is NOT designed to do, and exactly what the second query type IS designed to do since, as the Tor volunteer page I quoted in my original post states, "...being an exit server is not a boolean..."

Saying that "Tor server X is an exit server" is exactly what we're attempting to get away from here, as that is really not a valid statement unless Tor server X actually allows exit to every IP on every port. Assuming it does not, then Tor server X is an exit from the perspective of some and not an exit from the perspective of others, hence the second query type. As a matter of fact, there really is not much reason to have the first query type at all; I mainly just did it 'cause I thought it would be a neat feature.

In fact, unless I'm misunderstanding your comment, the second query type would be well suited for the example you give, which is "allow sendmail dnsbl configurations to easily do the 'right' thing". I'm presuming you are saying that you have a sendmail server running that would like to determine if the machine making a connection to it is a Tor server that would allow exiting to it. In this case, the second query type will provide exactly that information. Knowing that the machine connecting to you is STRICTLY a Tor 'middleman' node is useless, I would think, since in that case I would imagine it would be getting treated the same as any other Internet machine making a connection (again, unless I'm missing something here).

Hope that helps, and let me know if I'm missing something...

Best regards,

Joe Kowalski

