Skip to content

Overhaul DNS behaviour, and add support for IPv6

eta requested to merge eta/dnsv2-and-ipv6 into main
  • The built-in DNS server has been significantly improved.

  • It now handles multiple questions, AAAA records, and actually responds to queries with 'not implemented' when you send it something it doesn't understand.

  • The addresses given out are now totally randomized within 10/8 or fec0::/10, instead of counting up from a base address in an easily-guessable pattern.

    • Accordingly, the IPv4 addressing has changed to be 169.264.42.1/24 instead of 10.42.42.1 on the client side. cc @cyberta
  • The addresses are now also isolated per-app (well, per-isolation-key at the onion-tunnel layer), to prevent data leakage.

  • Also, we now support IPv6.

  • We rewrite the hacky TCP parsing code to be a bit better laid-out to support this change, and hack in support for parsing out IPv6 Hop-by-Hop headers (as required to make this work).

  • Apart from the parser and DNS, very few other changes are required, since most of the code was version-agnostic anyway.

  • That said, the Arti proxy layer will try and get you a stream that aligns with the IP version you asked for.

Merge request reports

Loading