Opened 7 years ago

Closed 2 years ago

#7797 closed defect (duplicate)

tor DNS resolver unable to handle/return SRV type DNS records

Reported by: mr-4
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: 0.2.4.7-alpha
Severity: Normal
Keywords: tor-client dns needs-proposal

Description

Tor's internal DNS resolver is incapable of looking up SRV (service type) DNS records.

SRV-type DNS records have the following format: _service._protocol.name (like "_sip._udp.ekiga.net" for example). The "output" I am getting from tor is as follows (127.0.0.1 refers to tor's internal DNS server):

# dig @127.0.0.1 _sip._udp.ekiga.net SRV

; <<>> DiG 9.7.3-P1-RedHat-9.7.3-2.P1.fc18 <<>> @127.0.0.1 _sip._udp.ekiga.net SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 29790
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_sip._udp.ekiga.net. IN SRV

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 26 00:45:05 2012
;; MSG SIZE rcvd: 37

Note the "status" above as NOTIMP (Not Implemented). The correct output, using a "proper" DNS server (marked as xxx.xxx.xxx.xxx below) is as follows:

# dig @xxx.xxx.xxx.xxx _sip._udp.ekiga.net SRV

; <<>> DiG 9.7.3-P1-RedHat-9.7.3-2.P1.fc18 <<>> @xxx.xxx.xxx.xxx _sip._udp.ekiga.net SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65507
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;_sip._udp.ekiga.net. IN SRV

;; ANSWER SECTION:
_sip._udp.ekiga.net. 86400 IN SRV 0 0 5060 ekiga.net.

;; ADDITIONAL SECTION:
ekiga.net. 85881 IN A 86.64.162.35

;; Query time: 24 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Wed Dec 26 00:48:01 2012
;; MSG SIZE rcvd: 82

As evident, the "status" returned is NOERROR (No Error).
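
To check a resolver's reply programmatically instead of reading dig output, the following added example (not part of the original report or of Tor's code; all function names are illustrative) extracts the status code and any SRV answers from a raw DNS reply. The two sample replies are constructed to mirror the dig outputs above, and their lengths match the reported MSG SIZE values of 37 and 82 bytes.

```python
import struct

TYPE_A, TYPE_SRV, CLASS_IN = 1, 33, 1
RCODES = {0: "NOERROR", 4: "NOTIMP"}          # the two statuses in the dig output

def encode_name(name):
    """Encode a domain name as uncompressed length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(s)]) + s.encode("ascii") for s in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def parse_srv_response(msg):
    """Return (status, [(priority, weight, port, target), ...]) from a reply."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4      # name, then QTYPE and QCLASS
    records = []
    for _ in range(an):
        off = read_name(msg, off)[1]          # owner name
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!3H", msg[off:off + 6])
            records.append((prio, weight, port, read_name(msg, off + 6)[0]))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), records

# Constructed replies mirroring the two dig outputs (flags qr rd ra = 0x8180).
QUESTION = encode_name("_sip._udp.ekiga.net") + struct.pack("!2H", TYPE_SRV, CLASS_IN)
NOTIMP_REPLY = struct.pack("!6H", 29790, 0x8184, 1, 0, 0, 0) + QUESTION
SRV_REPLY = (struct.pack("!6H", 65507, 0x8180, 1, 1, 0, 1) + QUESTION
             + b"\xc0\x0c" + struct.pack("!2HIH", TYPE_SRV, CLASS_IN, 86400, 17)
             + struct.pack("!3H", 0, 0, 5060) + encode_name("ekiga.net")
             + b"\xc0\x16" + struct.pack("!2HIH", TYPE_A, CLASS_IN, 85881, 4)
             + bytes([86, 64, 162, 35]))
```

`parse_srv_response(NOTIMP_REPLY)` yields the NOTIMP status with no records, while `parse_srv_response(SRV_REPLY)` yields NOERROR and the single SRV record for port 5060.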

Attachments (4)

tor-socks.spec (2.0 KB) - added by mr-4 7 years ago.
torsocks.spec (Fedora-tailored)
ttdnsd.spec (1.8 KB) - added by mr-4 7 years ago.
ttdnsd spec file (Fedora-tailored)
ttdnsd-Makefile (1.4 KB) - added by mr-4 7 years ago.
ttdnsd Makefile to suit the packaged build
ttdnsd.init (1.4 KB) - added by mr-4 7 years ago.
modified (and improved) ttdnsd init script

Change History (14)

comment:1 Changed 7 years ago by mr-4

Version: Tor: 0.2.4.7-alpha

comment:2 Changed 7 years ago by nickm

Keywords: tor-client dns needs-proposal added
Milestone: Tor: unspecified

Tor doesn't currently support remote resolution of arbitrary record types: partially because Libevent's evdns module doesn't support that, and partially because there isn't a design for that yet. Neither problem is insurmountable, but neither is going to get resolved by 0.2.4.x. For now, you might check to see if ttdns meets your needs.

(I had thought we already had a ticket for making tor support more record types, but I don't seem to find it atm)

comment:3 Changed 7 years ago by mr-4

What I currently do is use a publicly available DNS service which supports tcp, while channelling all requests through a local proxy via tor. Something like:

client_app -> local proxy -> tor (tor exit node) -> public DNS (supporting tcp so that the request could be made over tor)

A bit complicated, but it does the job - for now.

comment:4 Changed 7 years ago by mr-4

I am going to attach 2 .spec files, new Makefile and ttdnsd.init files.

They allow torsocks and ttdnsd to be nicely packaged in a rpm file (Fedora-based). The latter 2 files are for ttdnsd - the Makefile is a cut-down version of the original with a few modifications/improvements I've made to fit the standard directory hierarchy.

The ttdnsd.init file is an improved and simplified version of the init.d script originally supplied in the ttdnsd.tar.gz archive.

Hopefully this could be useful to the ttdnsd/torsocks devs. I am going to deploy torsocks/ttdnsd in the next few days to hopefully take advantage of its extended functionality and the ability to deal with SRV/NAPTR and other such record types.

Changed 7 years ago by mr-4

Attachment: tor-socks.spec added

torsocks.spec (Fedora-tailored)

Changed 7 years ago by mr-4

Attachment: ttdnsd.spec added

ttdnsd spec file (Fedora-tailored)

Changed 7 years ago by mr-4

Attachment: ttdnsd-Makefile added

ttdnsd Makefile to suit the packaged build

Changed 7 years ago by mr-4

Attachment: ttdnsd.init added

modified (and improved) ttdnsd init script

comment:5 Changed 7 years ago by mr-4

Just for reference - I've submitted a report (see bug #8043) as I am struggling to make ttdnsd/torsocks work with tor.

comment:6 Changed 6 years ago by mr-4

Is there anybody out there who actively maintains ttdnsd/torsocks or, at the very least, is paying attention to the tickets submitted?

The reason I am asking is that I opened a ticket (see above comment) over 4 weeks ago and since then ... nothing.

A while ago I also emailed the supposed torsocks "project maintainer" (yeah, as if!) - jacob@…, but still not a squeak - nada, zilch!

If these two projects are abandoned for whatever reason or nobody couldn't care less about them, then please let me know so I won't bother submitting anything or waiting for a resolution which may never come. Thanks.

comment:7 Changed 6 years ago by nickm

Jacob's got a lot of projects going on at once, mr-4. You could try stopping by IRC some time and chatting with him there. Right now, torsocks is pretty much a work-in-progress labor-of-love thing that Jacob picked up because the previous maintainer was even *more* busy, so you might need to remind folks to make time for it, and try to rope more people into helping.

For example, there have been some pretty good torsocks discussions/work organized on the tor-talk list; you might try to get more people looking at your torsocks issues over there.

comment:8 in reply to:  7 Changed 6 years ago by mr-4

Replying to nickm:

> Jacob's got a lot of projects going on at once, mr-4. You could try stopping by IRC some time and chatting with him there. Right now, torsocks is pretty much a work-in-progress labor-of-love thing that Jacob picked up because the previous maintainer was even *more* busy, so you might need to remind folks to make time for it, and try to rope more people into helping.

I do appreciate all that (we are all busy - some more so than others), but I expected, at the very least, some sort of acknowledgement/response, especially given his recent announcement of torsocks 1.3 on tor-talk:

"We believe that this release fixes most of the outstanding torsocks
issues. We also hope that it merges all of the various patches that
were being shared in the community."

"Please report any new bugs or patches on the Tor bug tracker!"

"If you'd like to see the current set of bugs and the future
improvements, please visit the bug tracker for the torsocks component:

https://trac.torproject.org/projects/tor/query?component=Torsocks"

I've done even more than that, but since I haven't had any sort of reply/response, if Jacob couldn't be bothered for whatever reason, why should I?

comment:9 Changed 6 years ago by nickm

I'm now using #7829 as the primary ticket to track the original "Tor's DNSPort should handle more RR types" item.

comment:10 Changed 2 years ago by nickm

Resolution: duplicate
Severity: Normal
Status: new → closed

Closing as duplicate of #7829
