Hi all,
I am trying to figure out the best way to handle DNS requests to both clearnet
and Tor onionland. Currently, I am using two virtual machines (both FreeBSD 11
based): one used as my internal DNS resolver and the other is a FreeBSD Tor
gateway.
My unbound.conf's file in my internal D
To resolve Tor's hostnames like for example ProtonMail. For example, if I do a
query from FreeBSD's Tor gateway:
root@torbsdgw:/var/log/tor # !345
tor-resolve protonirockerxow.onion
fe8d:ecdb:dc62:f60:6eda:15ea:39d9:b5c2
... it works ...
On Mon, Sep 11, 2017 at 12:16:23PM +0200, Tom van der W
Your config looks more or less exactly the same as mine (I allow tcp but
that's the only difference I can see).
If you do a dig from the unbound server to the BSD gateway do you get a
result?
dig @172.22.56.4#1053 protonirockerxow.onion
On Mon, Sep 11, 2017 at 10:45 AM, C. L. Martinez
wrote:
>
Looks fine, you're getting NXDOMAIN, not SERVFAIL.
What do you expect a DNS query for a .onion to return?
Op 11/09/2017 om 11:23 schreef C. L. Martinez:
> Hi all,
>
> I am trying to figure out the best way to handle DNS requests to both
> clearnet and Tor onionland. Currently, I am using two
Hi all,
One of the things that I've been working on lately is getting salt-ssh
working over tor. The salt-minion, by default, looks for the salt-
master using the hostname, "salt". I know that I can manually change
that to .onion but I would like to know if anyone knows of
a way in *ni
Nope ...
root@fbsddns:~# dig @172.22.56.4#1053 protonirockerxow.onion
dig: couldn't get address for '172.22.56.4#1053': not found
On Mon, Sep 11, 2017 at 11:40:40AM +0100, Ben Tasker wrote:
> Your config looks more or less exactly the same as mine (I allow tcp but
> that's the only difference I
Hi Jason!
This is not exactly what you are asking for, but I cover something similar,
using /etc/hosts and virtual network interfaces:
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md
HTH. HAND.
- a
On 11 Sep 2017 1:21 pm, "Jason S. Evans" wrote:
Ahh, your version of dig doesn't like that syntax and is trying to resolve
the resolver string.
Try this instead
dig @172.22.56.4 -p1053 protonirockerxow.onion
Basically I'm wondering if something's stopping the packets from reaching the
tor resolver (pf maybe?) given that your netstat shows it is
I have changed my rdr rules in pf.conf to avoid using port 1053 in dig
queries, and ... It works doing a query directly to tor's gateway from my
internal DNS server:
root@fbsddns:~/fwrules/secgw# dig @172.22.56.4 protonirockerxow.onion
; <<>> DiG 9.4.2-P2 <<>> @172.22.56.4 protonirockerxo
Did you restart unbound after the change to pf?
I had an issue in the past with Unbound blacklisting an upstream for
failing to respond (if you debug unbound it'll be logged as "chase to
blacklisted lame server"), from memory the default blacklist time is 900
seconds.
Failing that, it's probably
Ok, now it is working ... I have added:
local-zone: "onion." nodefault
..to unbound's config file, and it works ... but I don't understand why this
is needed ... Any idea?
On Mon, Sep 11, 2017 at 04:32:58PM +0100, Ben Tasker wrote:
> Did you restart unbound after the change to pf?
>
> I h
Ahhh, ok.
Good news! :D
Looks like Unbound have added .onion to the list of AS112 domains:
onion (RFC 7686)
Default content:
local-zone: "onion." static
local-data: "onion. 10800 IN NS localhost."
local-data: "