Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Trac@tracbot

DNS not reliably returning AAAA records

[Enhancement Request]

(Cleaner explanation than closed ticket #24798 (moved))

I have a Tor Router set with dual stack. DNS is done in ipv4 through (it should not matter since an ipv4 DNS can still respond to AAAA queries)

I can't find a setting to make DNS reliably returning AAAA records: it is sort of "random", probably depending on the exit node.

$ uname -a Linux user-pc 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ tor --version Tor version 0.2.9.11 (git-aa8950022562be76).

(I will test 0.3.1, as recommended, next week when we have Bionic Beaver Alpha 1... to avoid having to compile with Ubuntu chaintool I'm not so familiar with... and because it has dependencies that are not in 16.04 -already tried!)

Here is the relevant tor snippet

$ head /etc/tor/torrc

DNSPort 172.16.0.1:9053 IPv6Traffic TransPort 172.16.0.1:9040 TransPort [fe80::10%vnet0]:9040 ClientUseIPv6 1 ClientPreferIPv6ORPort 1 ClientPreferIPv6DirPort 1

Here is what I get from a machine connected to the router:

$ curl 'http://ipv4.whatismyip.akamai.com'; echo; curl -g -H 'Host: ifconfig.co' http://[2001:470:28:840::cafe:d00d]; echo "dig"; dig ifconfig.co A ifconfig.co AAAA +short; 46.182.19.15 2607:5300:120:312::1:1 dig 188.113.88.193

$ !! 199.87.154.255 2a00:fc00:e000:b001::f4ee dig 188.113.88.193

$ !! 5.254.112.154 2620:18c:0:1001::102 dig 188.113.88.193 2001:470:28:840::cafe:d00d

$ !! 197.231.221.211 2620:18c:0:1001::102 dig 188.113.88.193

$ !! 192.42.116.16 2604:8b40:1:3::1 dig 188.113.88.193

$ !! 185.220.101.16 2a03:f85:8::7 dig 188.113.88.193 2001:470:28:840::cafe:d00d

(changing exit between each repetition with a NEWNYM command)

So, as you can see, both the ipv4 an the ipv6 stack work (first 2 curls of the command line), no issue with that fortunately!

For ipv6 I have to force the ipv6 address since the DNS query not always returns AAAA responses.

Depending on the exit host, we get AAAA responses... or not!

Question: how to make AAAA responses reliable?

''P.S.: from teor's response in my initial ill-worded ticket, I don't think it is relevant to add 'IPv6Traffic' to TransPort. Indeed, when you bind the TransPort to an ipv4 address you can't sen ipv6 there, and when you bind to an ipv6 address, it is already for ipv6. Even more, you can't do that: tor-0.2.9 rightfully complaining when you add that to TransPort, whereas it is pleased (but has no effect!) when you specify the option for DNSPort''

P.S.2: You might have noticed the [fe80::10%vnet0] in my torrc, this is not a bug, I am using my patched version that accepts binding to link-local ipv6 addresses. #23819 (moved)

Trac:
Username: Zakhar

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information