Opened 12 years ago

Closed 2 years ago

#635 closed defect (wontfix)

eventdns and caching of NXDOMAIN

Reported by: Safari Owned by:
Priority: Very Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version: 0.1.2.19
Severity: Normal Keywords: dns tor-relay
Cc: Safari, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

Local DNS proxy might not include the SOA record (in case of NXDOMAIN) when it is resolving for tor,
but faking a SOA record should be easy... maybe a config option or #define for the TTL of cached NXDOMAIN?

Now in case of NXDOMAIN, eventdns does not include Authority RR with SOA record, so clients querying
tor can not cache the NXDOMAIN. They just keep on querying the same thing again and again.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (5)

comment:1 Changed 12 years ago by nickm

This sounds fixable in 0.2.1.x, but I'm not enough of a DNS maven to figure out what the right thing to do here
actually is. It would probably be better to act more like a real DNS cache than like our current faked version,
but I don't know whether fixing this particular issue is wise in the absence of a way for the client Tor to learn
the real authority information from the exit node.

comment:2 Changed 9 years ago by nickm

Description: modified (diff)
Keywords: dns added
Milestone: post 0.2.1.xTor: unspecified

Moving to the "unspecified" milestone: this would be a fine thing to fix in any DNS revamp, but it is hurting nothing.

comment:3 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:4 Changed 7 years ago by nickm

Component: Tor RelayTor

comment:5 Changed 2 years ago by nickm

Cc: Safari,nickmSafari, nickm
Resolution: Nonewontfix
Severity: Normal
Status: newclosed

closing this, because client-side DNS caching is just plain wrong for Tor in the absence of DNSSEC. (See ticket #7570 and proposal 205.)

Note: See TracTickets for help on using tickets.