r11723@Kushana: nickm | 2006-12-28 13:52:48 -0500

Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded. If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*. svn:r9199
author: Nick Mathewson <nickm@torproject.org> 2006-12-28 21:29:11 +0000
committer: Nick Mathewson <nickm@torproject.org> 2006-12-28 21:29:11 +0000
commit: e5f5b96ca6bc35d22478840600c2dfdf2778950f (patch)
tree: 1c6d406bffc1d2691ff125894146d191fe17ebd2 /doc/tor.1.in
parent: 4cd302a1ebd44eafe5ac57062288436ab41b1220 (diff)
download: tor-e5f5b96ca6bc35d22478840600c2dfdf2778950f.tar.gz
tor-e5f5b96ca6bc35d22478840600c2dfdf2778950f.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/tor.1.in b/doc/tor.1.in
index 6ac3c1f735..32b9c63832 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -704,6 +704,14 @@ our local nameservers have been configured to hijack failing DNS requests
 this.  This option only affects name lookup for addresses requested by
 clients; and only takes effect if Tor was built with eventdns support.
 (Defaults to "1".)
+.LP
+.TP
+\fBServerDNSTestAddresses \fR\fIaddress\fR,\fIaddress\fR,\fI...\fP
+When we're detecting DNS hijacking, make sure that these \fIvalid\fP
+addresses aren't getting redirected.  If they are, then our DNS is
+completely useless, and we'll reset our exit policy to "reject *:*".
+(Defaults to "www.google.com, www.mit.edu, www.yahoo.com,
+www.slashdot.org".)
 
 .SH DIRECTORY SERVER OPTIONS
 .PP
author	Nick Mathewson <nickm@torproject.org>	2006-12-28 21:29:11 +0000
committer	Nick Mathewson <nickm@torproject.org>	2006-12-28 21:29:11 +0000
commit	e5f5b96ca6bc35d22478840600c2dfdf2778950f (patch)
tree	1c6d406bffc1d2691ff125894146d191fe17ebd2 /doc/tor.1.in
parent	4cd302a1ebd44eafe5ac57062288436ab41b1220 (diff)
download	tor-e5f5b96ca6bc35d22478840600c2dfdf2778950f.tar.gz tor-e5f5b96ca6bc35d22478840600c2dfdf2778950f.zip