

How does Tor bypass DNS - biturd

Hello, I am new to Tor and how it works, but have a general understanding of how it works.

It uses a TLD of .onion, which as far as I know, is not a real TLD with regard to ICANN and the other IP/domain authorities.

This got me thinking how much power our root server holders have.  If they ever wanted to literally take out the internet, destroy our economy, and ruin anything that uses a name based lookup system — all they have to do is drop all the zones in the .com. or add in an *.com. A IN 127.0.0.0.

But, Tor boots up and *can* resolve the .onion TLD.  On my OS, Mac OS X, no entries are added to /etc/hosts, I can try to do lookups on .onion URLs and they will fail.

How does Tor do the resolution of the .onion URL scheme?  Does every Tor node have its own little DNS resolver in it, and when you use the Tor browser, it will connect up to a node and get instructions from there?  Does that mean that all nodes are essentially updating a large /etc/hosts file like we did ages ago when there was no DNS?

Thanks for any help understanding this.  It kind of blows me away how fragile and simple the internet is as far as dismantling it.  Things like BGP being human controlled, state controlled, etc, I am surprised that more countries are not a bit up in arms that we (the USA) sort of own the internet.  We allocated a TLD to other countries, we I assume can take that away.  I am often baffled other countries (China perhaps) don't just start their own root servers, run their own BGP, and fully be in control of every domain, from .com all the way to .i-made-up-a-tld.
======
cjbprime
Yes, every tor node contains a resolver. No, this doesn't mean that every node
knows the .onion address of every hidden service; there is a distributed hash
table involved. (Note: only hidden services have .onion addresses, not regular
Tor nodes.) It is not at all like using /etc/hosts files.

The US does not control all of the DNS root servers. China does control its
BGP, and puts more effort than any other country into running a centralized
firewall, and even hijacking DNS queries coming from inside the country
sometimes. The US doesn't arbitrarily revoke TLDs because it would be akin to
an act of war, and universally condemned.

~~~
biturd
Thanks for the explanation, I appreciate it.

