
Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy



--- On Mon, 4/6/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:

> >>3) Same as (2) but this time I used the following config options in torrc:
> >>   'ServerDNSResolvConfFile C:\Program Files\Tor\resolv.conf' and 'ServerDNSDetectHijacking 0'
> >>   With the OpenDNS servers, correctly, listed in the 'resolv.conf' file.
> >
> >     You are running tor as a relay, as well as as a client?  Your 3) affects
> >only relay operations, of course, not client operations.  And, AFAIK, the only
> >relay operations affected are exit services, so unless you're running tor as
> >an exit relay, the stuff you did in 3) should effectively change nothing.
Yes indeed, I'm running tor as both relay and client.
When I set my client to not resolve DNS queries using the tor network I get the warning messages.
(Which of course are as expected)
> >
> >>   My scenario-goal does _still_not_ work because the DNS queries are still seemingly resolved by the tor-exit point.
> >>
> >     Correct.
> >
> >>So uhmm....Anyone have any ideas how I can accomplish my scenario-goal?
> >>
> >     You haven't mentioned your reason(s) for wanting to do such a thing.
> >I surmise that you do not intend to use tor for anonymity but rather for some
> >other end, such as tunneling through a firewall.  tor, however, is designed
> >with the aim of preserving anonymity, so it issues those messages to let the
> >user/operator know that some application *may* be breaking anonymity.  If
> >your aim is different from that of tor, you may just have to put up with the
> >messages.  Given that the messages are logged to a file, if anywhere, is that
> >a problem?  You don't *have* to look at them, after all.
My reason(s) for this scenario is so that:
1) I am able to use custom DNS servers for both my client and others that use my exit point, without the warning messages.
2) My, the operator's, custom DNS servers can speed up _and_ aid in anonymity by blocking/re-directing certain domain names to other IPs.
Which will, in the case of OpenDNS, return a small HTML with a message telling it's blocked.

Preventing the access to specific domains will, IMHO, improve anonymity for both the relay operator and the client using it as exit point.
I came up with this scenario because I wanted to speed up the user experience _and_ kill the web's tracking behaviors as much as I can.

So I admit I understand that for my scenario to work without the warning messages, tor needs an extra config option to allow IP-only requests from custom listed IPs in its torrc file.
(e.g. localhost/127.0.0.1 for the local client)

I understand that one can use Privoxy for even more advanced filtering, but a simple DNS-based filtering system is more than enough for most of the web-tracking systems IMHO.
Besides, this approach will even enable tor to utilize bind+rbl :)
It's just IMHO the next step towards _more_ anonymity...

Oh, and about the messages and me not needing to look at them:
They are logged to stdout and presented in the log window of Vidalia.
The rest of the messages are still important enough to be seen by the operator.
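
Added example, not part of the original thread or of tor itself: a small torrc audit that reports where the two `ServerDNS*` options discussed above actually apply. The sample torrc, the resolver addresses (documentation-range placeholders) and the simplified exit test are assumptions made for illustration.

```python
# Constructed sample inputs; resolver IPs are documentation-range placeholders.
SAMPLE_TORRC = r"""
SocksPort 9050
ORPort 9001
ExitPolicy accept *:80,accept *:443,reject *:*
ServerDNSResolvConfFile C:\Program Files\Tor\resolv.conf
ServerDNSDetectHijacking 0
"""
SAMPLE_RESOLV = "# constructed\nnameserver 192.0.2.53\nnameserver 198.51.100.53\n"

def parse_torrc(text):
    """Return {lowercased option: [values]}; torrc option names are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def nameservers(resolv_text):
    rows = (l.split("#", 1)[0].split() for l in resolv_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def is_exit(opts):
    """Assumption: an exit only if ORPort is set and an accept rule precedes a catch-all reject."""
    if (opts.get("orport", ["0"])[-1].split() or ["0"])[0] == "0":
        return False
    for value in opts.get("exitpolicy", []):
        for rule in value.lower().split(","):
            rule = " ".join(rule.split())
            if rule.startswith("accept"):
                return True
            if rule in ("reject *:*", "reject *"):
                return False
    return False

def audit(torrc_text, resolv_text):
    opts = parse_torrc(torrc_text)
    exit_relay = is_exit(opts)
    uses_file = "serverdnsresolvconffile" in opts
    notes = ["client (SocksPort) lookups are resolved at the circuit's exit, not by these resolvers"]
    if (uses_file or "serverdnsdetecthijacking" in opts) and not exit_relay:
        notes.append("ServerDNS* options are set but this is not an exit relay: no effect")
    if exit_relay and opts.get("serverdnsdetecthijacking", ["1"])[-1] == "0":
        notes.append("hijack test disabled: tor will not check these resolvers for redirected answers")
    return {"exit": exit_relay,
            "resolvers": nameservers(resolv_text) if exit_relay and uses_file else [],
            "notes": notes}
```

Call `audit()` with the text of a torrc and of the file named by `ServerDNSResolvConfFile`; the returned `resolvers` list is empty whenever the relay is not an exit.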