On 04/29/2012 12:15 PM, Ondrej Mikle wrote:
> On 04/29/2012 03:49 PM, Tom wrote:
>> On 29 April 2012 12:53, anonym <[email protected]> wrote:
>>
>>>
>>> So, you have to switch from using Google's DNS (which blocks Tor
>>> nowadays) to OpenDNS or whatever DNS server you trust. You'll still be
>>> unable to do multiple DNS requests at a time, though.
>>>
>>>
>> Yes, you are right! So for now I'm scrapping the ttdns+unbound idea, at
>> least until ttdnsd won't be fixed or, until (hopefully!) Tor won't implement
>> its own DNS tools [1].
>> Is there any other way to reliably resolve DNS queries through Tor?
>
> I wrote a HOWTO for DNS/DNSSEC over Tor with unbound+socat (IMHO if you're
> using unbound, drop ttdnsd altogether):
>
> https://labs.nic.cz/page/993/dnssec-validation-over-tor--linux-/
>
> Click 'English' on top of the page if you get the Czech version (it takes
> language preferences from headers sent by the browser; Referer sending must
> be enabled in the browser in order for the language switch to work).
>

I'm the current maintainer of ttdnsd and I fully support using something
that isn't such a hack. I know that Paul Wouters and another unbound
developer hacked together a udp/tcp listener that only made outbound TCP
connections. I think I made some notes in the ttdnsd git repo at one
point. There was a patch that needed to be applied to unbound but I
believe it is now merged. If that is the case, I think that unbound and
either TransPort + iptables, socat, torsocks and unbound would be the
best path forward.

> I'm also working now on DNS/DNSSEC as Tor hidden service over TLS, I'll post
> the HOWTO in a couple of days.
>

That sounds interesting.

>
>> [1] https://lists.torproject.org/pipermail/tor-dev/2012-March/003341.html
>
> The above proposal/implementation will take a while to finish, I've run into
> some technical quirks that need to be resolved (in order to have it working
> reasonably fast and not shoot yourself in the foot with some stupid
> design/coding mistake).
>

Oh?

> That's also the reason I decided to try the "DNS as hidden service over TLS"
> approach.
>

I think this doesn't scale very well but it's nevertheless quite
interesting as well!

All the best,
Jacob
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
