authorNick Mathewson <nickm@torproject.org>2008-10-29 19:20:02 +0000
committerNick Mathewson <nickm@torproject.org>2008-10-29 19:20:02 +0000
commit0c9dfffe5a19da330f3c2b6daa33c40aa786ba06 (patch)
tree6753fc75a167c7ed8b79271618232d79e10bca98 /src/or/dns.c
parentc8a5e2d588e0d91fd13070dc0ee4d6b19de779c3 (diff)
Implement the 0x20-hack to make DNS poisoning harder against us, especially when resolving large names. Add a cfg option to disable it, since apparently 3/10 of a percent of servers get it wrong.
svn:r17171
Diffstat (limited to 'src/or/dns.c')
-rw-r--r--src/or/dns.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/or/dns.c b/src/or/dns.c
index aa251b4322..03dc85f421 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -184,13 +184,10 @@ evdns_log_cb(int warn, const char *msg)
log(severity, LD_EXIT, "eventdns: %s", msg);
}
-/** Helper: generate a good random transaction ID. */
-static uint16_t
-dns_get_transaction_id(void)
+static void
+randfn(char *b, size_t n)
{
- uint16_t result;
- crypto_rand((void*)&result, sizeof(result));
- return result;
+ crypto_rand(b,n);
}
/** Initialize the DNS subsystem; called by the OR process. */
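Review bot: `randfn` discards the result of `crypto_rand(b,n)`, and since the callback returns void, eventdns has no way to learn that the buffer was not filled. If crypto_rand reports failure through its return value (its definition is outside this hunk), the transaction ID and the 0x20 case bits would be derived from whatever `b` held before, which is the predictability this commit is meant to remove. Treat a failed call as fatal or at least log it, rather than returning silently. The removed helper had a doc comment and the new one has none; something like `/** Helper for eventdns: fill the <b>n</b>-byte buffer <b>b</b> with strong random bytes. */` would restore it, and a name such as `dns_randfn_` would say more than `randfn` at file scope.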
@@ -198,9 +195,15 @@ int
dns_init(void)
{
init_cache_map();
- evdns_set_transaction_id_fn(dns_get_transaction_id);
- if (server_mode(get_options()))
- return configure_nameservers(1);
+ evdns_set_random_bytes_fn(randfn);
+ if (get_options()->ServerDNSRandomizeCase)
+ evdns_set_option("randomize-case", "1", DNS_OPTIONS_ALL);
+ else
+ evdns_set_option("randomize-case", "0", DNS_OPTIONS_ALL);
+ if (server_mode(get_options())) {
+ int r = configure_nameservers(1);
+ return r;
+ }
return 0;
}
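Review bot: Both `evdns_set_option("randomize-case", ...)` calls in dns_init ignore the return value, so if eventdns rejects or does not recognise the option string as written, the case randomisation silently stays at the library default and the operator's ServerDNSRandomizeCase setting has no effect. Check the result and warn, for example `if (evdns_set_option("randomize-case", val, DNS_OPTIONS_ALL) < 0)` followed by a log line at warn level. The if/else can collapse to one call with `const char *val = get_options()->ServerDNSRandomizeCase ? "1" : "0";`. As far as this hunk shows, the option is applied only at init, so it is worth confirming that a configuration reload re-applies it. The temporary in `int r = configure_nameservers(1); return r;` adds nothing over returning the call directly.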