Drop DNS request for ".onion" special-use domain name #196
Comments
Seems like a reasonable request. If you happen to have a patch, we'll review it. Otherwise it may take a little time for a developer to make this change.
@bradh352 I have no patch yet, as well as no experience in writing C++, but I might give it a shot.
bnoordhuis added a commit to bnoordhuis/c-ares that referenced this issue Oct 22, 2018
Quoting RFC 7686: Name Resolution APIs and Libraries (...) MUST either respond to requests for .onion names by resolving them according to [tor-rendezvous] or by responding with NXDOMAIN. A legacy client may inadvertently attempt to resolve a .onion name through the DNS. This causes a disclosure that the client is attempting to use Tor to reach a specific service. Malicious resolvers could be engineered to capture and record such leaks, which might have very adverse consequences for the well-being of the user. Bug: c-ares#196
bradh352 added a commit that referenced this issue Oct 23, 2018
Quoting RFC 7686: Name Resolution APIs and Libraries (...) MUST either respond to requests for .onion names by resolving them according to [tor-rendezvous] or by responding with NXDOMAIN. A legacy client may inadvertently attempt to resolve a .onion name through the DNS. This causes a disclosure that the client is attempting to use Tor to reach a specific service. Malicious resolvers could be engineered to capture and record such leaks, which might have very adverse consequences for the well-being of the user. Bug: #196 Fix By: Ben Noordhuis @bnoordhuis
fixed per #228
DronRathore added a commit to DronRathore/c-ares that referenced this issue Mar 11, 2020
…#228) Quoting RFC 7686: Name Resolution APIs and Libraries (...) MUST either respond to requests for .onion names by resolving them according to [tor-rendezvous] or by responding with NXDOMAIN. A legacy client may inadvertently attempt to resolve a .onion name through the DNS. This causes a disclosure that the client is attempting to use Tor to reach a specific service. Malicious resolvers could be engineered to capture and record such leaks, which might have very adverse consequences for the well-being of the user. Bug: c-ares#196 Fix By: Ben Noordhuis @bnoordhuis
See: https://tools.ietf.org/html/rfc7686
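An added example, not the c-ares patch referenced in this thread: one way a resolver library can apply the RFC 7686 rule quoted in the commit message, answering NXDOMAIN for `.onion` names before any query leaves the host. The names `is_onion_name`, `pre_query_check` and the `lookup_result` enum are hypothetical, and the sample names in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the c-ares function). Returns 1 when `name` is
 * "onion" or ends in the whole label ".onion", ignoring ASCII case and one
 * trailing root dot; returns 0 otherwise. */
int is_onion_name(const char *name)
{
    static const char tld[] = "onion";
    const size_t tld_len = sizeof(tld) - 1;
    size_t len, i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')   /* "x.onion." is fully qualified */
        len--;
    if (len < tld_len)
        return 0;
    for (i = 0; i < tld_len; i++) {
        char c = name[len - tld_len + i];
        if (c >= 'A' && c <= 'Z')          /* locale-independent lowercase */
            c = (char)(c - 'A' + 'a');
        if (c != tld[i])
            return 0;
    }
    /* Must match a whole label, so "notonion" is an ordinary name. */
    return len == tld_len || name[len - tld_len - 1] == '.';
}

enum lookup_result { LOOKUP_SEND_QUERY = 0, LOOKUP_NXDOMAIN = 1 };

/* Gate to run before any DNS packet is built: a .onion name is answered
 * locally with NXDOMAIN so it is never disclosed to a resolver. */
enum lookup_result pre_query_check(const char *name)
{
    return is_onion_name(name) ? LOOKUP_NXDOMAIN : LOOKUP_SEND_QUERY;
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "example.onion", "EXAMPLE.ONION.", "onion",
                            "notonion", "onion.example.com", "example.com" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-20s %s\n", names[i], pre_query_check(names[i]) ==
               LOOKUP_NXDOMAIN ? "NXDOMAIN (local)" : "send query");
    return 0;
}
```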