and what happens if you use dig alone to talk directly to tor? something like "dig -p torport hostname +tcp" (see man dig)
On Wed, Oct 25, 2017 at 4:42 PM, Rob van der Hoeven <robvanderhoe...@ziggo.nl> wrote:
> Hi Folks,
>
> I'm testing a small single-program transproxy program that I wrote (not released yet). This program forwards DNS requests to the DNSPort of the Tor daemon. During my tests I noticed something that worries me.
>
> With my program I can basically redirect network traffic from any program to the DNSPort/TransPort of the Tor daemon. For fun I tried:
>
> dig hoevenstein.nl
>
> To my surprise I got an answer from one of the nameservers in my own resolv.conf. It looks like the exit node blindly uses the nameserver from the original request. Can anyone confirm this?
>
> I checked with Wireshark, and no DNS queries are leaving my system; also the query time indicates the request was done using the Tor network.
>
> Leaking a user's nameserver looks dangerous to me.
> Can someone shine a light on this?
>
> Rob.
> https://hoevenstein.nl
>
> =====================================
> Here are the results of my experiment:
> =====================================
>
> rob@jessie:~$ aorta -t dig hoevenstein.nl
>
> RUNNING dig hoevenstein.nl
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61683
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;hoevenstein.nl.			IN	A
>
> ;; ANSWER SECTION:
> hoevenstein.nl.		3600	IN	A	94.211.74.2
>
> ;; Query time: 178 msec
> ;; SERVER: 89.101.251.228#53(89.101.251.228)
> ;; WHEN: Wed Oct 25 21:39:03 CEST 2017
> ;; MSG SIZE  rcvd: 48
>
> AORTA CLOSED ...
>
> rob@jessie:~$ cat /etc/resolv.conf
> # Generated by NetworkManager
> search dynamic.ziggo.nl
> nameserver 89.101.251.228
> nameserver 89.101.251.229
>
> Without using Tor:
> ==================
>
> rob@jessie:~$ dig hoevenstein.nl
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17152
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;hoevenstein.nl.			IN	A
>
> ;; ANSWER SECTION:
> hoevenstein.nl.		3600	IN	A	94.211.74.2
>
> ;; Query time: 16 msec
> ;; SERVER: 89.101.251.228#53(89.101.251.228)
> ;; WHEN: Wed Oct 25 21:46:28 CEST 2017
> ;; MSG SIZE  rcvd: 59
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
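To see exactly what a forwarded query carries, here is a small added example (not from the thread or from aorta) that builds a DNS A query byte-for-byte per RFC 1035, parses a reply, and can send the query over UDP to any resolver address such as a Tor DNSPort. The message contains only a header, the question name and, in replies, resource records; it has no field that names the client's configured resolver, so the "SERVER:" address dig prints is simply where dig itself sent the packet. The hostname, TTL and IPv4 address in the constructed sample reply are taken from the dig output above; the DNSPort address and port in the usage note are assumptions.

```python
import socket
import struct

QUERY_TXID = 0x1234  # fixed transaction id so the parser can match the reply

def build_query(name, txid=QUERY_TXID):
    """Minimal DNS A/IN query: 12-byte header (RD=1, QDCOUNT=1) + QNAME + QTYPE + QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:   # compression pointer occupies two bytes
            return off + 2
        off += 1 + ln

def parse_response(msg, expected_txid=QUERY_TXID):
    """Return (rcode, [IPv4 strings]) from a DNS reply; rejects a mismatched txid."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode, off = flags & 0x0F, 12
    for _ in range(qd):                       # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):                       # walk the answer records
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs

def resolve(name, server, port, timeout=5.0):
    """Send one UDP query to server:port (e.g. Tor's DNSPort) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data)

# Constructed sample reply (not captured from Tor): QR/RD/RA set, NOERROR,
# question hoevenstein.nl A, one answer via compression pointer 0xC00C.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", QUERY_TXID, 0x8180, 1, 1, 0, 0)
    + b"\x0bhoevenstein\x02nl\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton("94.211.74.2")
)
```

With a local Tor configured with `DNSPort 127.0.0.1:9053` (an assumed value), `resolve("hoevenstein.nl", "127.0.0.1", 9053)` sends the same bytes the transproxy would forward and returns the parsed answer.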