Feature #5852

forbid lan dns queries

Added by Tails 2013-07-18 07:47:13. Updated 2013-07-19 01:43:12.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

According to the "The State of the DNS and Tor Union (also: a DNS UDP->TCP shim)" thread on or-talk:

Many commercial Linux based routers like ActionTek and D-Link use dproxy-nexgen resolvers accessible at link-local 192.168.1.1. A reverse lookup of the gateway itself provides not just the internal address but also the public IP and hostname from the ISP. There are other caching resolvers used in captive wifi portals and other locations with the same behavior.

We then need to forbid queries to DNS resolvers on the LAN. Exceptions: at least the htp user; more?

This has been implemented in Tails 0.7.
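
One way to express the rule proposed above as packet-filter rules, as an added example (not Tails' own firewall configuration). It assumes iptables with the owner match, treats the RFC 1918 ranges plus 169.254.0.0/16 as "the LAN", covers IPv4 only, and takes the `htp` account named in the ticket as the single exception.

```shell
#!/bin/sh
# Added example, not Tails' firewall: emit iptables rules that reject DNS
# traffic to resolvers on the local network, with one exempted account.

# Assumption: these private and link-local ranges stand in for "the LAN".
LAN_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# lan_dns_rules EXEMPT_USER
# Prints one iptables rule specification per line. Pass "" for no exception.
lan_dns_rules() {
    exempt_user=$1
    for net in $LAN_NETS; do
        # DNS runs over both UDP and TCP port 53, so both must be covered.
        for proto in udp tcp; do
            # The exception must come first: iptables stops at the first
            # matching rule, so an ACCEPT placed after the REJECT is dead.
            if [ -n "$exempt_user" ]; then
                echo "-A OUTPUT -d $net -p $proto --dport 53 -m owner --uid-owner $exempt_user -j ACCEPT"
            fi
            # Everyone else gets an immediate error instead of a timeout.
            echo "-A OUTPUT -d $net -p $proto --dport 53 -j REJECT"
        done
    done
}

# Dry run by default: print the rules for review.
# Set APPLY=1 (as root) to load them into the running OUTPUT chain.
if [ "${APPLY:-0}" = 1 ]; then
    lan_dns_rules htp | while read -r rule; do
        # Word splitting of $rule into iptables arguments is intended here.
        iptables $rule
    done
else
    lan_dns_rules htp
fi
```

Matching on the destination range rather than on the address of the DHCP-supplied resolver also covers resolvers that applications are pointed at by hand.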


Subtasks


History

#1 Updated by intrigeri 2013-07-19 01:43:12

  • Type of work set to Code
