Leeks and Leaks – Daniel.haxx.se
a year ago
- #Tor
- #DNS
- #Security
- The .onion TLD is specific to Tor and cannot be resolved by normal DNS; attempting to resolve such a name that way risks a DNS leak.
- RFC 7686 was published in 2015 to prevent DNS leaks by instructing software to refuse to resolve .onion domains.
- curl implemented RFC 7686 in 2023 (version 8.1.0), blocking .onion resolution to prevent accidental leaks.
- Tor users should use a SOCKS proxy to resolve .onion domains securely, avoiding local DNS leaks.
- A controversy arose when Tor users with unique setups requested an override for the .onion block, but no solution was merged.
- Tor's new tool, 'oniux', demonstrated a curl command with a .onion URL, conflicting with curl's RFC 7686 implementation.
- An issue was raised against curl for compatibility with 'oniux', highlighting the challenge of balancing security and usability.
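The RFC 7686 check summarized in the list above, written out as an added example (this is not curl's own code): the `resolve_path` enum and both function names are hypothetical, and the sketch assumes the only safe path for a .onion name is a SOCKS proxy that receives the host name itself.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* How a host name would be resolved (hypothetical enum for this example). */
enum resolve_path {
  RESOLVE_LOCAL_DNS,    /* system resolver: the query goes out as normal DNS */
  RESOLVE_SOCKS_LOCAL,  /* SOCKS proxy, but the client resolves the name first */
  RESOLVE_SOCKS_REMOTE  /* SOCKS proxy is handed the name and resolves it */
};

/* Return 1 if host is "onion" or ends in the label ".onion".
   Case is ignored and one trailing dot (fully qualified form) is allowed. */
int is_onion_host(const char *host)
{
  static const char tld[] = "onion";
  size_t len, i;
  if(!host)
    return 0;
  len = strlen(host);
  if(len && host[len - 1] == '.')
    len--;                       /* "example.onion." names the same host */
  if(len < 5)
    return 0;
  for(i = 0; i < 5; i++)
    if(tolower((unsigned char)host[len - 5 + i]) != tld[i])
      return 0;
  /* Must be a whole label: "notonion" and "example.onion.com" do not match. */
  return len == 5 || host[len - 6] == '.';
}

/* Return 1 if name resolution may proceed, 0 if it must be refused. */
int may_resolve(const char *host, enum resolve_path path)
{
  if(!is_onion_host(host))
    return 1;                    /* ordinary names are unaffected */
  return path == RESOLVE_SOCKS_REMOTE;
}

int main(void)
{
  const char *h = "example.onion"; /* constructed sample name */
  printf("local DNS:    %s\n", may_resolve(h, RESOLVE_LOCAL_DNS) ? "resolve" : "refuse");
  printf("SOCKS remote: %s\n", may_resolve(h, RESOLVE_SOCKS_REMOTE) ? "resolve" : "refuse");
  return 0;
}
```

In curl terms, `RESOLVE_SOCKS_REMOTE` corresponds to a `socks5h://` proxy (or `--socks5-hostname`), where the proxy rather than the client resolves the name.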