Round down DNS TTL to the nearest DEFAULT_DNS_TTL (30 minutes)
Reported by: teor
Owned by: nickm
Priority: Very High
Milestone: Tor: 0.2.9.x-final
Severity: Normal
Keywords: 029-proposed, dns, TorCoreTeam201609, 029-backport
Cc: phw, pulls, nicoo
Actual Points: .2
In #19025, we fix a bug that prevented exits sending DNS TTLs to clients for IPv4 and IPv6 addresses.
But we don't want to have too many potential values for these TTLs, to avoid tagging attacks.
So I propose
- Exits round down (truncate) the TTL received from the DNS server, and
- Clients round down the TTL received from the Exit,
to the nearest of:
- MIN_DNS_TTL (1 minute), or
- DEFAULT_DNS_TTL (30, 60, 90, 120, 150, 180 minutes)
MAX_DNS_TTL is 3 hours, so there are only 7 possible values for the TTL.
I chose to round down because that way, Tor DNS TTLs are only ever shorter than the lifetime specified by the DNS server.
I don't think we need to add noise to the TTL received from either the DNS server or Exit. I can't see the value in randomising it, and allowing randomisation could hide a tagging attack.
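The rounding rule proposed above, written out as an added example (this is not Tor's code and not from the ticket author). The function and helper names, and the choice to raise TTLs below MIN_DNS_TTL up to MIN_DNS_TTL rather than reject them, are assumptions made here; the three constants are the values stated in the ticket. The second function counts how many distinct TTLs an exit can make a client see, which is the size of the covert channel the proposal is trying to limit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from the ticket, in seconds. */
#define MIN_DNS_TTL      (60)            /* 1 minute */
#define DEFAULT_DNS_TTL  (30 * 60)       /* 30 minutes */
#define MAX_DNS_TTL      (3 * 60 * 60)   /* 3 hours */

/* Round a TTL down to the nearest allowed value: MIN_DNS_TTL, or a multiple
 * of DEFAULT_DNS_TTL, capped at MAX_DNS_TTL.  Both the exit (on the value
 * from the resolver) and the client (on the value from the exit) apply this.
 * Assumption: TTLs below MIN_DNS_TTL are raised to MIN_DNS_TTL; the ticket
 * does not say what to do with them. */
uint32_t
round_down_dns_ttl(uint32_t ttl)
{
  if (ttl >= MAX_DNS_TTL)
    return MAX_DNS_TTL;
  if (ttl < DEFAULT_DNS_TTL)
    return MIN_DNS_TTL;
  /* Integer division truncates, so this rounds down to 30, 60, ..., 150 min. */
  return (ttl / DEFAULT_DNS_TTL) * DEFAULT_DNS_TTL;
}

/* Count the distinct outputs of round_down_dns_ttl() over inputs
 * 0..max_input.  A misbehaving exit choosing TTLs freely can signal at
 * most this many different values to a client that rounds as above. */
size_t
count_distinct_ttls(uint32_t max_input)
{
  uint32_t seen[16];
  size_t n = 0;
  for (uint32_t t = 0; t <= max_input; t++) {
    uint32_t r = round_down_dns_ttl(t);
    size_t i;
    for (i = 0; i < n; i++) {
      if (seen[i] == r)
        break;
    }
    if (i == n && n < 16)
      seen[n++] = r;
  }
  return n;
}

int
main(void)
{
  /* Constructed sample TTLs as a resolver might return them. */
  const uint32_t samples[] = { 0, 59, 300, 1799, 1800, 3599, 5400, 10799, 10800, 86400 };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    uint32_t exit_ttl = round_down_dns_ttl(samples[i]);
    uint32_t client_ttl = round_down_dns_ttl(exit_ttl);
    printf("resolver %6u s -> exit %6u s -> client %6u s\n",
           samples[i], exit_ttl, client_ttl);
  }
  printf("distinct TTLs reachable: %zu\n", count_distinct_ttls(86400));
  return 0;
}
```

Applying the rounding twice is a no-op, so the client-side step costs nothing for an honest exit and only matters when the exit sends a value outside the allowed set.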
Change History (25)
comment:16 Changed 4 months ago by nickm
- Actual Points set to .2
- Status changed from needs_information to needs_review
comment:20 Changed 4 months ago by nickm
- Owner set to nickm
- Status changed from needs_review to accepted