author T(A)ILS developers <amnesia@boum.org> 2011-01-29 18:26:30 +0100
committer T(A)ILS developers <amnesia@boum.org> 2011-02-03 19:46:36 +0100
commit 2232592b586416bf5f1d30f3c4550b5abecce93d
tree 7d7fa410532c83b6f908e23bab46024f49b6233d /wiki
parent 70f630188849715250ac6dadabfceb526623c727
Design: update wrt. current devel branch state.
Diffstat (limited to 'wiki')
-rw-r--r-- wiki/src/contribute/design/Tor_enforcement/DNS.mdwn 3
-rw-r--r-- wiki/src/todo/forbid_lan_dns_queries.mdwn 4
2 files changed, 4 insertions, 3 deletions
diff --git a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
index 60c9e30..910ce3c 100644
--- a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
+++ b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
@@ -14,6 +14,9 @@ therefore blocked in order to prevent leaks. Another solution may be
to use the Linux network filter to forward outgoing UDP datagrams to
the local DNS proxy.
+T(A)ILS development branch also forbids DNS queries to RFC1918 addresses; those
+might indeed allow the system to learn the local network's public IP address.
+
[resolvconf](http://alioth.debian.org/projects/resolvconf/) is used to
configure the system resolver in `/etc/resolv.conf`; it is also setup
to prevent NetworkManager and dhcp-client to modify this file.
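Review bot: The added sentence in DNS.mdwn states the restriction and a one-line rationale, but it does not say how the block is enforced or which exceptions apply, and the todo page touched by this same commit still lists that question as open ("Exceptions: at least the htp user; more?"). For a design document, name the mechanism that rejects these queries and list the exempted users, or link to todo/forbid_lan_dns_queries until that is settled. The rationale also reads ambiguously: "might indeed allow the system to learn the local network's public IP address" does not say which party on the system would learn it or through what kind of query, so a reader cannot judge what the rule protects against. Finally, "T(A)ILS development branch also forbids" will go stale once the branch is merged; referencing commit c2ad173, as the todo page does, would keep the statement verifiable.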
diff --git a/wiki/src/todo/forbid_lan_dns_queries.mdwn b/wiki/src/todo/forbid_lan_dns_queries.mdwn
index 7947e22..9fb2bcc 100644
--- a/wiki/src/todo/forbid_lan_dns_queries.mdwn
+++ b/wiki/src/todo/forbid_lan_dns_queries.mdwn
@@ -15,6 +15,4 @@ We then need to forbid queries to DNS resolvers on the LAN.
Exceptions: at least the htp user; more?
> This has been implemented, though untested, in devel branch (commit
-> c2ad173) => [[!taglink todo/test]] and write [[!taglink
-> todo/documentation]] about this in the [[design
-> document|contribute/design]].
+> c2ad173) => [[!taglink todo/test]].
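Review bot: Dropping the todo/documentation tag in the reply under "Exceptions: at least the htp user; more?" looks premature, because the sentence added to DNS.mdwn in this commit documents only that RFC1918 DNS queries are forbidden, not the exceptions this page asks about. Either keep the documentation tag until the design document covers the exempted users, or answer the exceptions question here so the remaining work is only the todo/test item. Since the implementation is still described as "untested", it would also help to note on this page what a passing test should show (for example, that a query sent to a LAN resolver by a non-exempt user is refused), so the test tag has a concrete completion criterion.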