Opened 5 years ago

Closed 15 months ago

#12582 closed enhancement (wontfix)

Add support for detecting the DNS resolver used by a probe

Reported by: hellais Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Normal Keywords: archived-closed-2018-07-04
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently when running the dns_consistency test if no resolvers are specified we attempt to read it from /etc/resolv.conf. Sometimes what is found inside of resolv.conf is the actual address of a DNS resolver, but it may be something in the local network.

To understand where censorship is actually happening it would be ideal to know the address of the true resolver that is being used. This can be achieved by delegating a subdomain of ooni.nu to a nameserver that is controlled by us. This way every time a DNS query for <RANDOM_STRING>.<SUBDOMAIN>.ooni.nu is done we will see a query to our nameserver.

This nameserver will simply return to every A query the IP address that issued the request. A test helper for this has already been implemented: https://github.com/TheTorProject/ooni-backend/blob/master/oonib/testhelpers/dns_helpers.py#L26.

What needs to be done is added support to ooni-probe for performing this lookup and using the data in the report.

Child Tickets

Change History (2)

comment:1 Changed 22 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:2 Changed 15 months ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: newclosed

Close all tickets in archived components

Note: See TracTickets for help on using tickets.