tailscale/wgengine/tsdns
Christine Dodrill b89c757817 wgengine/tsdns: explicitly reject .onion lookups
Tor has a location-hidden service feature that enables users to host services
from inside the Tor network. Each of these gets a unique DNS name that ends with
.onion. As it stands now, if a misbehaving application somehow manages to make
a .onion DNS request to our DNS server, we will forward that to the DNS server,
which could leak that to malicious third parties. See the recent bug Brave had
with this[1] for more context.

RFC 7686 suggests that name resolution APIs and libraries MUST respond with
NXDOMAIN unless they can actually handle Tor lookups. We can't handle .onion
lookups, so we reject them.

[1]: https://twitter.com/albinowax/status/1362737949872431108

Fixes tailscale/corp#1351

Signed-off-by: Christine Dodrill <xe@tailscale.com>
2021-03-01 22:17:49 -08:00
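The check the commit describes, as an added, self-contained example that is not the tsdns code from this repository: a query whose QNAME falls under .onion is answered locally with NXDOMAIN (RCODE 3) and never handed to the forwarder, per RFC 7686 section 2.2. It uses only the Go standard library to parse the query header and question and to build the reply; the function names (isOnion, questionName, nxdomain, handleQuery, buildQuery) and the sample onion name are assumptions made for this example, not identifiers from the project.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const (
	dnsHeaderLen  = 12
	rcodeNXDomain = 3
	flagQR        = 0x8000
	flagRD        = 0x0100
	flagRA        = 0x0080
)

// isOnion reports whether a DNS name is in the .onion special-use domain
// (RFC 7686). The comparison is case-insensitive and a trailing root dot is
// ignored, so "Foo.ONION." is rejected just like "foo.onion", while names
// that merely contain "onion" as a label are not.
func isOnion(name string) bool {
	n := strings.ToLower(strings.TrimSuffix(name, "."))
	return n == "onion" || strings.HasSuffix(n, ".onion")
}

// questionName extracts the QNAME of the first question from a raw DNS query
// and returns the offset just past QCLASS, so the question can be echoed in
// the reply. A query's QNAME is never compressed, so a pointer is malformed.
func questionName(pkt []byte) (string, int, error) {
	if len(pkt) < dnsHeaderLen {
		return "", 0, errors.New("packet shorter than DNS header")
	}
	if binary.BigEndian.Uint16(pkt[4:6]) == 0 {
		return "", 0, errors.New("no question section")
	}
	var labels []string
	off := dnsHeaderLen
	for {
		if off >= len(pkt) {
			return "", 0, errors.New("truncated question name")
		}
		l := int(pkt[off])
		off++
		if l == 0 {
			break
		}
		if l&0xC0 != 0 {
			return "", 0, errors.New("compression pointer in query name")
		}
		if off+l > len(pkt) {
			return "", 0, errors.New("truncated label")
		}
		labels = append(labels, string(pkt[off:off+l]))
		off += l
	}
	if off+4 > len(pkt) {
		return "", 0, errors.New("truncated QTYPE/QCLASS")
	}
	return strings.Join(labels, "."), off + 4, nil
}

// nxdomain builds a minimal NXDOMAIN reply: same ID, QR set, RD copied from
// the query, RA set, RCODE=3, the question echoed back and no other records.
func nxdomain(query []byte, qEnd int) []byte {
	resp := make([]byte, qEnd)
	copy(resp, query[:qEnd])
	flags := uint16(flagQR|flagRA|rcodeNXDomain) | (binary.BigEndian.Uint16(query[2:4]) & flagRD)
	binary.BigEndian.PutUint16(resp[2:4], flags)
	binary.BigEndian.PutUint16(resp[4:6], 1)  // QDCOUNT
	binary.BigEndian.PutUint16(resp[6:8], 0)  // ANCOUNT
	binary.BigEndian.PutUint16(resp[8:10], 0) // NSCOUNT
	binary.BigEndian.PutUint16(resp[10:12], 0) // ARCOUNT
	return resp
}

// handleQuery applies the RFC 7686 check before any forwarding decision.
// It returns (reply, true, nil) for .onion names, which must not reach an
// upstream resolver, and (nil, false, nil) when the query may be forwarded.
func handleQuery(query []byte) ([]byte, bool, error) {
	name, qEnd, err := questionName(query)
	if err != nil {
		return nil, false, err
	}
	if !isOnion(name) {
		return nil, false, nil
	}
	return nxdomain(query, qEnd), true, nil
}

// buildQuery assembles a constructed A/IN query for name (sample input only).
func buildQuery(id uint16, name string) []byte {
	pkt := make([]byte, dnsHeaderLen)
	binary.BigEndian.PutUint16(pkt[0:2], id)
	binary.BigEndian.PutUint16(pkt[2:4], flagRD)
	binary.BigEndian.PutUint16(pkt[4:6], 1) // one question
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		pkt = append(pkt, byte(len(label)))
		pkt = append(pkt, label...)
	}
	pkt = append(pkt, 0)          // root label terminates QNAME
	pkt = append(pkt, 0, 1, 0, 1) // QTYPE A, QCLASS IN
	return pkt
}

// rcode returns the response code from a DNS header.
func rcode(pkt []byte) int { return int(pkt[3] & 0x0F) }

func main() {
	// Constructed sample names: the .onion one is made up for this example.
	for _, name := range []string{"abcdefghijklmnop.onion", "onion.example.com"} {
		resp, rejected, err := handleQuery(buildQuery(0x1234, name))
		switch {
		case err != nil:
			fmt.Println(name, "error:", err)
		case rejected:
			fmt.Printf("%s: answered locally with RCODE=%d (%d bytes), not forwarded\n", name, rcode(resp), len(resp))
		default:
			fmt.Printf("%s: forward to upstream resolver\n", name)
		}
	}
}
```

The suffix test runs on the parsed, lowercased name rather than on raw bytes, so label case and the root dot cannot be used to slip a .onion query past the check, and malformed packets are refused with an error instead of being forwarded.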
forwarder.go wgengine/tsdns: use netns to obtain a socket 2020-09-24 15:48:40 -07:00
map.go ipn: delete domainsForProxying, require explicit DNS search domains (mapver 9) (#1078) 2021-01-05 10:37:15 -08:00
map_test.go tailcfg, tsdns: derive root domains from list of nodes (#708) 2020-08-24 17:27:21 -04:00
neterr_darwin.go wgengine/tsdns: replace connections when net link changes (macOS) 2020-09-24 15:31:27 -07:00
neterr_other.go ipn, wgengine, magicsock, tsdns: be quieter and less aggressive when offline 2020-10-06 15:26:53 -07:00
neterr_windows.go ipn, wgengine, magicsock, tsdns: be quieter and less aggressive when offline 2020-10-06 15:26:53 -07:00
tsdns.go wgengine/tsdns: explicitly reject .onion lookups 2021-03-01 22:17:49 -08:00
tsdns_server_test.go wgengine/tsdns: skip test that requires local IPv6 when IPv6 unavailable 2021-02-16 10:50:37 -08:00
tsdns_test.go wgengine/tsdns: explicitly reject .onion lookups 2021-03-01 22:17:49 -08:00