From mboxrd@z Thu Jan 1 00:00:00 1970
From: "milahu at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug network/24255] resolver should handle special domains correctly
Date: Sat, 24 Feb 2024 08:00:09 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: unspecified
X-Bugzilla-Severity: enhancement
X-Bugzilla-Who: milahu at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=24255

milahu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |milahu at gmail dot com

--- Comment #4 from milahu ---
> for DNS, we cannot know if that the server is connected to Tor or not

imo, the optimal solution would be to extend /etc/resolv.conf with something like

> option allow-domains *.onion

... to make tools like curl and git "just work" on machines behind a transparent tor proxy where these tools currently throw the error

> Not resolving .onion address (RFC 7686)

... and currently we need non-transparent workarounds like

> curl --proxy socks5h://127.0.0.1:9050
> git -c remote.origin.proxy=socks5h://127.0.0.1:9050

... or expensive workarounds like "rebuild curl" which on systems like nixos or guix means "rebuild the world"

this config belongs to /etc/resolv.conf because it's a machine-level config which affects all DNS clients on that machine

the default config would be something like

> option deny-domains *.onion *.i2p

see also

https://github.com/curl/curl/discussions/11125
I want to resolve onion addresses

https://gitlab.torproject.org/tpo/core/torspec/-/issues/202
Formalize toggle override for non-Tor applications that follow RFC 7686

-- 
You are receiving this mail because:
You are on the CC list for the bug.
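The policy proposed in comment #4, sketched as an added example that is not glibc code and not part of the original comment: a resolver-side check that refuses `*.onion` and `*.i2p` by default and honours per-machine overrides. `option allow-domains` and `option deny-domains` are the comment's proposed syntax, not existing resolv.conf options; the function names and the last-match-wins rule are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of n bytes (plain ISO C, no strncasecmp). */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}
/* "*.onion" covers "onion", "x.onion" and "x.onion."; other patterns are exact. */
static int covered(const char *pat, size_t plen, const char *name) {
    size_t nlen = strlen(name);
    if (nlen && name[nlen - 1] == '.') nlen--;        /* drop trailing root dot */
    if (plen < 3 || pat[0] != '*' || pat[1] != '.')
        return nlen == plen && eq_nocase(pat, name, nlen);
    pat++, plen--;                                    /* keep ".onion" */
    if (nlen == plen - 1) return eq_nocase(pat + 1, name, nlen);  /* bare TLD */
    return nlen > plen && eq_nocase(pat, name + nlen - plen, plen);
}
/* Assumed semantics: apply allow/deny lines in order, last matching pattern wins. */
static int scan(const char *conf, const char *name, int verdict) {
    static const char *const kw[2] = { "option deny-domains", "option allow-domains" };
    for (; *conf; conf += (*conf == '\n')) {
        size_t linelen = strcspn(conf, "\n");
        for (int k = 0; k < 2; k++) {
            size_t kl = strlen(kw[k]);
            if (linelen <= kl || strncmp(conf, kw[k], kl) || !isspace((unsigned char)conf[kl]))
                continue;
            for (const char *p = conf + kl; p < conf + linelen; ) {
                p += strspn(p, " \t");
                size_t tl = strcspn(p, " \t\n");
                if (tl && covered(p, tl, name)) verdict = k;  /* 0 refuse, 1 resolve */
                p += tl;
            }
        }
        conf += linelen;
    }
    return verdict;
}

/* Returns 1 if `name` may be resolved; the default is the comment's deny list. */
int may_resolve(const char *conf, const char *name) {
    return scan(conf, name, scan("option deny-domains *.onion *.i2p", name, 1));
}

int main(void) {
    const char *conf = "nameserver 127.0.0.1\noption allow-domains *.onion\n"; /* constructed */
    printf("%d %d\n", may_resolve("", "example.onion"), may_resolve(conf, "example.onion"));
    return 0;
}
```

With the default deny list in force, a `.onion` name is refused before any query leaves the machine, which is the behaviour RFC 7686 asks of resolvers that are not Tor-aware.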