Yesterday evening we did our first public talk about our AEON project at the ITsecx conference. AEON stands for Anonymity Enhanced Onion Nameservice which means it is a nameservice which provides anonymity by utilizing onion routing.
There have been some questions from the audience after this talk and I would like to repeat them here since they may come up again.
Q: Isn’t Tor able to do DNS lookups itself?
A: Yes, basically it is but there are some constraints. It just works if the follow-up protocol is TCP-based, such as HTTP or SMTP and it requires that the request was properly “intercepted”. This works with e.g. the Tor browser bundle in respect to HTTP or with other application like ssh or similar if they are “socksified” explicitly with e.g. tsocks. It does not work in other cases and of course it does not work if you don’t use Tor.
Q: If you hook
gethostbyname() then Chrome will not use AEON because it uses its own resolver library.
A: Yes, but we did never say that we hook
Q: If there is a limitation in message size why don’t you use the EDSN0 extension?
A: Because the limitation occurs not due to the packet size limit but due to the maximum domain name length which is still limited to 255 bytes, even with EDSN0.
Q: But won’t the DNS server operator will be set up if somebody misuses them in such a way?
A: No, because we do not misuse somebody’s name server. AEON is a standalone software and is run on your own choice. Internet name servers are used in the same protocol conforming way as they are used today.
Q: What about the current state of your SW development?
A: We have “something” running in our lab that does “something”. But be sure, you will be the first one being informed once our SW is ready.