Opened 11 days ago

Last modified 8 days ago

#32915 new defect

Some Tor exit node servers are using Cloudflare DNS, result in "DNS resolution error"

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: - Select a component Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #24351 Points:
Reviewer: Sponsor:

Description

Like other online users, Cloudflare's DNS sometimes return their own internal IP address. This behaviour results in DNS error screen.

You better ask Tor exit owners to change their DNS server to ISP one, or run unbound locally.

Child Tickets

Change History (17)

comment:1 Changed 10 days ago by cypherpunks

Please enable cookies.
Error 1001 Ray ID: 5535cf189e478d0f • 2020-01-11 xx:xx:xx UTC
DNS resolution error
What happened?

You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:

Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.
Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.

Cloudflare Ray ID: 5535cf189e478d0f • Your IP: 2405:8100:8000:5ca1::4ae:dbad • Performance & security by Cloudflare

comment:2 Changed 10 days ago by cypherpunks

above was observed while using tor rowser 9.0.4.

Someone!?

comment:3 Changed 10 days ago by cypherpunks

Tor circuit last node(3rd one)

195.128.103.192

Ban this piece of shit please...

comment:4 Changed 10 days ago by cypherpunks

Another one!!!!!!!!!!!!!!

Hey TPO monitor your exits!!

comment:5 Changed 10 days ago by cypherpunks

Please enable cookies.
Error 1001 Ray ID: 5535dad91ec26e3c • 2020-01-11 xx:xx:xx UTC
DNS resolution error
What happened?

You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:

Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.
Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.

Cloudflare Ray ID: 5535dad91ec26e3c • Your IP: 2405:8100:8000:5ca1::493:8b61 • Performance & security by Cloudflare

comment:6 Changed 10 days ago by cypherpunks

above circuit's 3rd one(exit)

163.172.21.117

comment:7 Changed 10 days ago by cypherpunks

And many others.

  1. Open tor browser
  2. Open in new tab, https://spreadprivacy.com/
  3. Change circuit and observe

comment:8 Changed 10 days ago by cypherpunks

Yippee

Please enable cookies.
Error 1001 Ray ID: 5535dfec3d716e18 • 2020-01-11 xx:xx:xx UTC
DNS resolution error
What happened?

You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:

Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.
Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.

Cloudflare Ray ID: 5535dfec3d716e18 • Your IP: 2405:8100:8000:5ca1::4af:74a • Performance & security by Cloudflare

comment:9 Changed 10 days ago by cypherpunks

above one's exit is

87.117.247.111

comment:10 Changed 10 days ago by nusenu

This is not related to DNS, cloudflare uses alt-svc and the IP address you are seeing in the HTML somewhat confirms that is an issue related to their onion services.

You can read more about that here:
https://blog.cloudflare.com/cloudflare-onion-service/

You might want to contact Mahrud but he is no longer at CF AFAIK.

As a workaround you might be able to disable alt-svc support in your browser to avoid going through their onions.

Last edited 10 days ago by nusenu (previous) (diff)

comment:11 Changed 10 days ago by cypherpunks

This is not related to DNS

Objection. If the exit node is not querying 1.1.1.1 then I won't see such errorpage at all.

comment:12 Changed 10 days ago by cypherpunks

you might be able to disable alt-svc support in your browser

This is plain Tor Browser and I did not install any add-ons.

You will see same error when you rorate your circuit & click "New identity" button.

comment:13 Changed 10 days ago by cypherpunks

If the exit node is not querying 1.1.1.1

How do you know that?

This is plain Tor Browser and I did not install any add-ons.

network.http.altsvc.enabled option

comment:14 Changed 10 days ago by cypherpunks

alt-svc support in your browser

non transparent non informative implementation for onion alt-svc, leading to confuse (and exploits?)

comment:15 Changed 10 days ago by cypherpunks

You will see same error when you rorate your circuit & click "New identity" button.

In the same sense that Cloudflare owns the IP addresses that serve our customers’ websites, we run 10 .onion addresses. Think of them as 10 Cloudflare points of presence (or PoPs) within the Tor network.

some of them broken

comment:16 Changed 10 days ago by cypherpunks

None of the IP addresses listed in this trac issue are tor exit relays, they are just relays.
Which confirms that the reporter of this issue was always looking at non-exit circuits to onion services.

195.128.103.192
https://metrics.torproject.org/rs.html#details/95FA758717D185CBC1D5EE992AAE084AD041927D

163.172.21.117
https://metrics.torproject.org/rs.html#details/74B8B22AF950B0BE11D8A228FB09D2F5279FB757

87.117.247.111
https://metrics.torproject.org/rs.html#details/6A3C57BE1EA3B400240F821A22B5E6060501A031

comment:17 in reply to:  3 Changed 8 days ago by cypherpunks

Replying to cypherpunks:

Tor circuit last node(3rd one)

195.128.103.192

Ban this piece of shit please...

Hey, you can educate the volunteers first! But this can't be the true. Please educate yourself about circuits positions! Instead of blaming someone else and requesting ban. I request for banning false positive reports.

http://rougmnvswfsmd4dq.onion/rs.html#details/95FA758717D185CBC1D5EE992AAE084AD041927D

Note: See TracTickets for help on using tickets.