CNAMEs that point to a .bit domain will leak to Tor exit relay

namecoin / ncprop279

Bridge between Tor Prop279 (Pluggable Naming) clients and Namecoin.

https://www.namecoin.org/

GNU General Public License v3.0

1 stars 5 forks source link

CNAMEs that point to a .bit domain will leak to Tor exit relay #7

Open JeremyRand opened 5 years ago

JeremyRand commented 5 years ago

We don't recursively follow CNAMEs, which means that any CNAME record that points to another .bit domain will end up leaking to the Tor exit relay. We should recursively follow CNAME records to fix this.

JeremyRand commented 5 years ago

Note that we should apply a limit on recursive CNAMEs in order to avoid infinite loop issues.

JeremyRand commented 5 years ago

Would be useful to check what the limit is set to in recursive DNS servers such as Unbound.

JeremyRand commented 4 years ago

Hmm, this might make more sense to solve on the StemNS layer rather than the ncprop279 layer. That way we can handle the case of one naming plugin redirecting to another.