Re: DNS leak check

[Paul Syverson <syverson@xxxxxxxxxxxxxxxx>]

On Fri, Mar 10, 2006 at 07:21:45PM +0100, Thomas Sjögren wrote:
> On Fri, Mar 10, 2006 at 12:10:16PM -0600, Agent0013 wrote:
> > I was wondering how you check that your DNS requests are not being leaked. I
> > have setup tor as a server on my Linux box at home and have just now got
> > privoxy running on the same server. I ssh into that server from my computer
> > at work and tunnel the connection into privoxy then into tor. Where would I
> > look to find the dns request and where it is being routed? How can I make
> > sure that privoxy is doing it's job in hiding the dns request. The
> > connection I have not looks exactly the same as before I had privoxy
> > installed and was just using tor.
> 
> If you're seeing this in your logs, DNS requests is being leaked.
> 
> [warn] fetch_from_buf_socks(): Your application
> (using socks5 on port xxxxxx) is giving Tor only an IP address.
> Applications that do DNS resolves themselves may leak information.
> Consider using Socks4A (e.g. via privoxy or socat) instead.  For more
> information, please see
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS
> 

This is probably true for most cases where you are not certain, but
not necessarily. I sometimes use connect to ssh through Tor to
specific locations for which I have supplied a known IP address. I of
course still get the message.

-Paul