Btw, I did ask a person working with these things how this is implemented in reality, out in the world, and the following is the response:
> *** At this point I don't think there's a global plugin for all of > them. The Tails distribution has a nice page explaining how to enforce > Tor (and I2P) that covers DNS resolution hijacking, HTTP proxying, and > IP redirection of 127.192.0.0/10 to ensure all traffic not destined to > clear Internet goes through Tor and I2P. > > https://tails.boum.org/contribute/design/Tor_enforcement/ > > Assuming you have Tor and I2P running, you could declare an HTTP and > SOCKS proxy on localhost--e.g. using Privoxy, and then configure > Privoxy to route .i2p to the local I2P resolver (localhost:8887), and > .onion to the Tor resolver (localhost:9050) > > It works similarly for .bit (Namecoin) or the GNS, but the preferred > method is via the Name Service Switch because those can and do provide > different RR types that are not available with the DNS RR types. E.g., > for GNUnet you would do: > > # grep hosts /etc/nsswitch.conf > hosts: files gns [NOTFOUND=return] dns > > You might also need to remove the reverse path filtering on your > virtual gnunet-dns interface: > > # echo 0 > /proc/sys/net/ipv4/conf/gnunet-dns/rp_filter > > Tor's trac also have an extensive page on DNS resolution alternatives > and their configuration: > > https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver > > Hope that helps, Patrik
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
