or maybe better "dig @localhost:torport hostname +tcp"
On Wed, Oct 25, 2017 at 4:50 PM, Allen <allen...@gmail.com> wrote:
> and what happens if you use dig alone to talk directly to tor?
> something like "dig -p torport hostname +tcp" (see man dig)
>
> On Wed, Oct 25, 2017 at 4:42 PM, Rob van der Hoeven
> <robvanderhoe...@ziggo.nl> wrote:
>> Hi Folks,
>>
>> I'm testing a small single-program transproxy program that I wrote (not
>> released yet). This program forwards DNS requests to the DNSPort of the
>> Tor daemon. During my tests I noticed something that worries me.
>>
>> With my program I can basically redirect network traffic from any
>> program to the DNSPort/TransPort of the Tor daemon. For fun I tried:
>>
>> dig hoevenstein.nl
>>
>> To my surprise I got an answer from one of the nameservers in my own
>> resolv.conf. It looks like the exit node blindly uses the nameserver
>> from the original request. Can anyone confirm this?
>>
>> I checked with wireshark, and no DNS queries are leaving my system,
>> also the query time indicates the request was done using the Tor
>> network.
>>
>> Leaking a user's nameserver looks dangerous to me.
>> Can someone shine a light on this?
>>
>> Rob.
>> https://hoevenstein.nl
>>
>> =====================================
>> Here are the results of my experiment:
>> =====================================
>>
>> rob@jessie:~$ aorta -t dig hoevenstein.nl
>>
>> RUNNING dig hoevenstein.nl
>>
>> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61683
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;hoevenstein.nl. IN A
>>
>> ;; ANSWER SECTION:
>> hoevenstein.nl. 3600 IN A 94.211.74.2
>>
>> ;; Query time: 178 msec
>> ;; SERVER: 89.101.251.228#53(89.101.251.228)
>> ;; WHEN: Wed Oct 25 21:39:03 CEST 2017
>> ;; MSG SIZE rcvd: 48
>>
>> AORTA CLOSED ...
>>
>> rob@jessie:~$ cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search dynamic.ziggo.nl
>> nameserver 89.101.251.228
>> nameserver 89.101.251.229
>>
>> Without using Tor:
>> ==================
>>
>> rob@jessie:~$ dig hoevenstein.nl
>>
>> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17152
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;hoevenstein.nl. IN A
>>
>> ;; ANSWER SECTION:
>> hoevenstein.nl. 3600 IN A 94.211.74.2
>>
>> ;; Query time: 16 msec
>> ;; SERVER: 89.101.251.228#53(89.101.251.228)
>> ;; WHEN: Wed Oct 25 21:46:28 CEST 2017
>> ;; MSG SIZE rcvd: 59
>>
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
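
Added example, not part of the original thread and not code from aorta or Tor: a small parser that puts the two dig runs posted above side by side and reports which of dig's metadata fields differ. The sample text is constructed from the quoted output (trimmed to the lines the parser reads); the function names are hypothetical.

```python
import re

# Constructed samples: the two dig runs from the post, trimmed to the lines
# the parser reads, plus the posted resolv.conf.
VIA_AORTA = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; Query time: 178 msec
;; SERVER: 89.101.251.228#53(89.101.251.228)
;; MSG SIZE rcvd: 48
"""
DIRECT = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; Query time: 16 msec
;; SERVER: 89.101.251.228#53(89.101.251.228)
;; MSG SIZE rcvd: 59
"""
RESOLV_CONF = """\
search dynamic.ziggo.nl
nameserver 89.101.251.228
nameserver 89.101.251.229
"""

def parse_dig(text):
    """Extract the metadata dig prints around an answer (None if absent)."""
    def grab(pattern, cast=int):
        m = re.search(pattern, text, re.M)
        return cast(m.group(1)) if m else None
    return {
        "server": grab(r"^;; SERVER: ([^#\s]+)#", str),
        "port": grab(r"^;; SERVER: [^#\s]+#(\d+)"),
        "query_ms": grab(r"^;; Query time: (\d+) msec"),
        "msg_size": grab(r"^;; MSG SIZE\s+rcvd: (\d+)"),
        "additional": grab(r"ADDITIONAL: (\d+)"),
        "edns": "OPT PSEUDOSECTION" in text,
    }

def nameservers(resolv_conf):
    """Addresses on 'nameserver' lines of resolv.conf text."""
    return [p[1] for p in (l.split() for l in resolv_conf.splitlines())
            if len(p) > 1 and p[0] == "nameserver"]

def differences(a, b):
    """{field: (a_value, b_value)} for every parsed field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    print(differences(parse_dig(VIA_AORTA), parse_dig(DIRECT)))
```

On the posted data the SERVER address and port are identical in both runs; the fields that differ are the query time, the message size, the ADDITIONAL count and the presence of the EDNS OPT pseudosection. The SERVER line is the address dig itself sent the query to, which is why it matches a resolv.conf entry in both runs.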