Opened 11 months ago

Closed 11 months ago

Last modified 11 months ago

#28461 closed defect (wontfix)

Encourage sbws operators to install a local caching resolver

Reported by: teor Owned by:
Priority: Medium Milestone: sbws: 1.0.x-final
Component: Core Tor/sbws Version: sbws: 1.0.0
Severity: Normal Keywords: doc, sbws-1.0-must-closed-moved-20181128
Cc: pastly, juga Actual Points:
Parent ID: #28458 Points:
Reviewer: Sponsor:

Description

Installing a local caching resolver avoids issues with the provider's DNS.

Child Tickets

Change History (6)

comment:1 Changed 11 months ago by juga

I don't think this is a good idea, because:

  1. you give more work to bwauths
  2. sbws relay on one more external thing
  3. sbws traffic is fingerprintable, but dns queries will go in most cases in clear
  4. if using a CDN, the ip that that the bwauth server gets will be different that the one the exit will see, so checking if we can exit with a relay with that ip, doesn't make sense

comment:2 Changed 11 months ago by juga

  1. it's also not needed, if the exit doesn't allow to reach the http server ip, it'll just fail, and sbws will try with other exit

comment:3 in reply to:  1 Changed 11 months ago by teor

Replying to juga:

I don't think this is a good idea, because:

  1. you give more work to bwauths

Yes, this is true. Although installing a caching / recursive resolver takes about 5 minutes.

  1. sbws relay on one more external thing

sbws already relies on the system DNS resolver, which is sometimes unreliable.
Installing a caching or recursive resolver makes DNS more reliable.

  1. sbws traffic is fingerprintable, but dns queries will go in most cases in clear

sbws already relies on the system DNS resolver, which sends DNS queries in the clear.

  1. if using a CDN, the ip that that the bwauth server gets will be different that the one the exit will see, so checking if we can exit with a relay with that ip, doesn't make sense

We already talked about the CDN issue in:
https://trac.torproject.org/projects/tor/ticket/28458#comment:3

comment:4 Changed 11 months ago by teor

If we decide to stop using DNS in #28458, then we can close this ticket.

comment:5 Changed 11 months ago by teor

Milestone: sbws 1.0 (MVP must)
Resolution: wontfix
Status: newclosed

I don't think we will do this ticket.

comment:6 Changed 11 months ago by teor

Keywords: sbws-1.0-must-closed-moved-20181128 added
Milestone: sbws 1.0 (MVP must)sbws: 1.0.x-final

Move all closed sbws 1.0 must tickets to sbws 1.0.x-final

Note: See TracTickets for help on using tickets.