Opened 2 years ago

Last modified 6 months ago

#21989 new enhancement

Should we tell Exits to reject all traffic if DNS fails?

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: dns, tor-exit, reliability self-test
Cc: micah Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Description

Tor Exits with broken DNS still allow Exit traffic.

But this slows down initial connections for clients, because the Exit will refuse all DNS requests. (Clients no longer cache DNS.)

Perhaps we should make Exits refuse traffic until their DNS is working?
(Unless a non-default option is set?)

This would also fix #21900, where a broken DNS config really does stop all Exit traffic.

Child Tickets

Change History (8)

comment:1 Changed 23 months ago by micah

Cc: micah added

comment:2 Changed 23 months ago by arma

I think we think we already have exits refuse to be exits if their dns isn't working.

See check_dns_honesty_callback() and the dns_launch_correctness_checks() that it calls.

It looks like it could be improved.

comment:3 in reply to:  2 Changed 23 months ago by teor

Replying to arma:

I think we think we already have exits refuse to be exits if their dns isn't working.

See check_dns_honesty_callback() and the dns_launch_correctness_checks() that it calls.

Well, maybe we try, but it doesn't work consistently right now.

In fact, chutney's upcoming offline mode (#21903) will rely on the fact that exits without DNS still allow exiting to IP addresses.

It looks like it could be improved.

If we fix this, we need to make sure AllowBrokenDNSConfig actually works. Or we need to add an option that maintains the current behaviour, because chutney relies on it.

comment:4 Changed 23 months ago by arma

For chutney, see also

  if (!get_options()->ServerDNSDetectHijacking)
    return;

comment:5 Changed 22 months ago by cypherpunks

But this slows down initial connections for clients, because the Exit will refuse all DNS requests. (Clients no longer cache DNS.)

#21394

comment:6 Changed 22 months ago by nickm

Keywords: reliability self-test added
Type: defectenhancement

comment:7 Changed 20 months ago by teor

Chutney now has a workaround for this in #21903.

comment:8 Changed 6 months ago by nickm

Parent ID: #21900
Note: See TracTickets for help on using tickets.