(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


When RFC 7686 and transparent proxies collide | time for old magic and for /etc/nsswitch.conf to save the day?

2023-11-13 15:49:57+00:00

The Tor developer mailing list is in the midst of discovering the consequences of libcurl and/or its dependent DNS resolver libraries following RFC 7686 and starting to actively ban lookups for .onion network addresses in software namespaces that are meant for resolving DNS.

Regrettably it appears that for several years various anonymity tools have (ill-advisedly, riskily, unwisely, …?) been using DNS internally as a means of resolving Tor “darknet” .onion addresses as part of a transparent-proxy solution for small intranets and secure workstation solutions.
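The resolver-side refusal that RFC 7686 asks for, as an added example (not from the original post, and not libcurl's code): a hypothetical `guarded_getaddrinfo` wrapper that answers "no such name" for anything under `.onion` before the system resolver, and therefore DNS, ever sees the query. The function names and sample hostnames are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose getaddrinfo() and EAI_NONAME */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* 1 if the rightmost label of host is "onion" (case-insensitive, optional
 * trailing root dot), i.e. the name is in the RFC 7686 special-use domain.
 * "notonion" and "onion.example.com" do not match. */
int is_onion_name(const char *host)
{
    size_t len;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len > 0 && host[len - 1] == '.')
        len--;                               /* ignore the root dot */
    if (len < 5 || strncasecmp(host + len - 5, "onion", 5) != 0)
        return 0;
    return len == 5 || host[len - 6] == '.'; /* must be a whole label */
}

/* Hypothetical wrapper (name is an assumption): answer "no such name" for
 * .onion locally so the query never reaches nsswitch sources or DNS. */
int guarded_getaddrinfo(const char *host, const char *service,
                        const struct addrinfo *hints, struct addrinfo **res)
{
    if (is_onion_name(host)) {
        *res = NULL;
        return EAI_NONAME;
    }
    return getaddrinfo(host, service, hints, res);
}

int main(void)
{
    /* Constructed sample names, not real services. */
    const char *names[] = { "example.onion", "EXAMPLE.Onion.", "notonion",
                            "onion.example.com" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s %s\n", names[i],
               is_onion_name(names[i]) ? "refused (RFC 7686)" : "passed to resolver");
    return 0;
}
```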

It’s a shame that they never asked anyone over 50 (or, then, 40) about this because we would have discussed things like “namespace violations” and “layering problems” and “alternative namespaces” and “well, Solaris solved this with nsswitch.conf and everyone else copied that…”

Yes, Virginia, avoiding polluting DNS is an old problem and there is a long-established solution:

[1] URL: https://alecmuffett.com/article/108288
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/