Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Created by David Fifield@dcfOwner

DNS-based rendezvous for Snowflake

From legacy/trac#25594 (moved): An idea to use DNS over HTTPS: https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4

The circumvention idea is to take any existing DNS tunneling scheme and send it through DNS over HTTPS. To be a bit more specific: you send recursive DNS queries (encoding your upstream traffic) to the DNS-over-HTTPS server, which then forwards the queries to another specialized server that decodes them and proxies the data they contain.

Even if not a general-purpose transport, DNS-over-HTTPS could be an ideal rendezvous mechanism for a system like Snowflake or Moat. One where you only need to send/receive a small amount of very hard-to-block data in order to bootstrap a connection.

The way I see it, there are two parts of this:

  1. Using DNS as an underlying transport: the client sends a DNS request containing its encoded offer; the broker sends back a DNS response containing an encoded proxy answer.
  2. Sending via DNS-over-HTTPS in order to avoid blocking of the DNS messages themselves.