Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #19025
Closed (moved) (moved)
Open
Issue created May 10, 2016 by Philipp Winter@phw

Exit relays always return DNS TTL 60 to tor clients

When tor clients resolve a domain name, exit relays are supposed to return the DNS TTL as part of their response.

At the moment, it looks like exit relays always return TTL 0 for both A and AAAA records. Only PTR records seem to come with a TTL > 0. The relevant variables on the exit side are ttl_ipv4 and ttl_ipv6 in src/or/dns_structs.h. The variables should be initialised in the function cached_resolve_add_answer. The variable ttl_hostname for PTR records is assigned ttl:

resolve->ttl_hostname = ttl;

The variables ttl_ipv4 and ttl_ipv6, however, are not. Therefore, exit relays always send back TTL 60 to clients (60 instead of 0 because the function dns_clip_ttl turns it into MIN_DNS_TTL, i.e., 60).

Commit 2889bd264 added the code to tor. It added ttl_hostname, ttl_ipv4 and ttl_ipv6, but never initialised the latter two. I wonder if this is an oversight? Commit c660a0f6 talks about potential attacks, but I don't think that explains this issue.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking