Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy

[Scott Bennett <bennett@xxxxxxxxxx>]

     On Mon, 6 Apr 2009 13:00:16 -0500 (CDT) I wrote:
>     On Sat, 4 Apr 2009 17:48:45 -0700 (PDT) Tripple Moon
><tripple.moon@xxxxxxxxx> wrote:
>>This is my 1st posting to this list but nevertheless ill start straight away with a question/problem if you all don't mind :)
>>
>>The scenario i want to accomplish is:
>>Using the tor network while DNS queries are resolved using the DNS-servers of OpenDNS without tor complaining with warnings about client supplying only IP-addresses.
>>
>>What i have done sofar is:
>>1) I have setup my firefox to use FoxyProxy to contact tor on my localmachine 127.0.0.1 on its default 9050 port as socks proxy.
>>   I have _disabled_ "Use socks proxy for DNS lookups".
>>   My scenario-goal works but, this gives the very annoying warning messages, which btw are ofcourse totally to be expected in this case.
>>2) Same as (1) but this time have _enabled_ "Use socks proxy for DNS lookups".
>>   My scenario-goal does _not_ work because the DNS queries are resolved by the tor-exit point.
>
>     Yes, that is correct.  The exit relay is supposed to handle all
>name-to-addresss resolution.
>
>>3) Same as (2) but this time i used the follwing config options in torrc:
>>   'ServerDNSResolvConfFile C:\Program Files\Tor\resolv.conf' and 'ServerDNSDetectHijacking 0'
>>   With the OpenDNS servers, correctly, listed in the 'resolv.conf' file.
>
>     You are running tor as a relay, as well as as a client?  Your 3) affects
>only relay operations, of course, not client operations.  And, AFAIK, the only
>relay operations affected are exit services, so unless you're running tor as
>an exit relay, the stuff you did in 3) should effectively change nothing.

     I just remembered another place that name resolution is involved, still
only for relays, but not necessarily exit relays.  If a hostname+domainname
specification is used on the Address line in torrc, tor will use the resolver
library locally to resolve its own address.
>
>>   My scenario-goal does _still_not_ work because the DNS queries are still seemingly resolved by the tor-exit point.
>>
>     Correct.
>
>>So uhmm....Anyone have any ideas how i can accomplish my scenario-goal?
>>
>     You haven't mentioned your reason(s) for wanting to do such a thing.
>I surmise that you do not intend to use tor for anonymity but rather for some
>other end, such as tunneling through a firewall.  tor, however, is designed
>with the aim of preserving anonymity, so it issues those messages to let the
>user/operator know that some application *may* be breaking anonymity.  If
>your aim is different from that of tor, you may just have to put up with the
>messages.  Given that the messages are logged to a file, if anywhere, is that
>a problem?  You don't *have* to look at them, after all.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************