Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- To: or-Talk Mailinglist <or-talk@xxxxxxxx>
- Subject: Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- From: Tripple Moon <tripple.moon@xxxxxxxxx>
- Date: Sun, 12 Apr 2009 09:05:07 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 12 Apr 2009 12:05:13 -0400
- In-reply-to: <200904061828.n36IS6lT026502@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
--- On Mon, 4/6/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> >>3) Same as (2) but this time i used the following config options in torrc:
> >> 'ServerDNSResolvConfFile C:\Program Files\Tor\resolv.conf' and 'ServerDNSDetectHijacking 0'
> >> With the OpenDNS servers, correctly, listed in the 'resolv.conf' file.
> >
> > You are running tor as a relay, as well as as a client? Your 3) affects
> >only relay operations, of course, not client operations. And, AFAIK, the only
> >relay operations affected are exit services, so unless you're running tor as
> >an exit relay, the stuff you did in 3) should effectively change nothing.
Yes indeed, I'm running tor as both relay and client.
When I set my client to not resolve DNS queries using the tor network I get the warning messages.
(Which of course are as expected)
> >
> >> My scenario-goal does _still_not_ work because the DNS queries are still seemingly resolved by the tor-exit point.
> >>
> > Correct.
> >
> >>So uhmm....Anyone have any ideas how i can accomplish my scenario-goal?
> >>
> > You haven't mentioned your reason(s) for wanting to do such a thing.
> >I surmise that you do not intend to use tor for anonymity but rather for some
> >other end, such as tunneling through a firewall. tor, however, is designed
> >with the aim of preserving anonymity, so it issues those messages to let the
> >user/operator know that some application *may* be breaking anonymity. If
> >your aim is different from that of tor, you may just have to put up with the
> >messages. Given that the messages are logged to a file, if anywhere, is that
> >a problem? You don't *have* to look at them, after all.
My reason(s) for this scenario is so that:
1) I am able to use custom DNS-Servers for both my client and others that use my exit point, without the warning messages.
2) My, the operator's, custom DNS-Servers can speed up _and_ aid in anonymity by blocking/re-directing certain domain names to other IPs.
Which will, in the case of OpenDNS, return a small HTML with a message telling it's blocked.
Preventing the access to specific domains will, IMHO, improve anonymity for both the relay operator and the client using it as exit point.
I came up with this scenario because I wanted to speed up the user experience _and_ kill the web's tracking behaviors as much as I can.
So I admit I understand that for my scenario to work without the warning messages tor needs an extra config option to allow IP-only requests from custom listed IPs in its torrc file.
(e.g. localhost/127.0.0.1 for the local client)
I understand that one can use Privoxy for even more advanced filtering, but a simple DNS-based filtering system is more than enough for most of the web-tracking systems IMHO.
Besides, this approach will even enable tor to utilize bind+rbl :)
It's just IMHO the next step towards _more_ anonymity...
Oh and about the messages and me not needing to look at them:
They are logged to stdout and presented in the log-window of vidalia.
The rest of the messages are still important enough to be seen by the operator.
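
Added example, not part of the original message and not Tor's code: a check a relay operator could run against the resolver listed in resolv.conf to see whether it hands out addresses for names that cannot exist, which is the resolver behaviour the 'ServerDNSDetectHijacking' setting quoted above is concerned with. The two stub resolvers and the address 192.0.2.53 are constructed placeholders so the example runs offline; `system_resolve` is the variant to use against a live resolver.

```python
import secrets
import socket
from collections import Counter

def random_probe_names(count=3, tld="invalid"):
    """Random names that should never exist (.invalid is reserved by RFC 2606)."""
    return [f"{secrets.token_hex(8)}.{tld}" for _ in range(count)]

def detect_wildcarding(resolve, probes):
    """Return the addresses a resolver gives out for nonexistent names.

    `resolve(name)` returns a list of IP strings, or raises OSError when the
    name does not resolve (the honest answer for every probe name).
    """
    seen = Counter()
    for name in probes:
        try:
            seen.update(set(resolve(name)))
        except OSError:
            continue  # no answer for a bogus name: nothing was rewritten
    # An address returned for two or more unrelated bogus names is a wildcard.
    return {addr for addr, hits in seen.items() if hits >= 2}

def system_resolve(name):
    """Resolve through the OS resolver; socket.gaierror is an OSError."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

# Constructed stand-ins for two kinds of resolver (assumptions, not real servers).
BLOCK_PAGE = "192.0.2.53"  # TEST-NET-1 placeholder, not a real OpenDNS address

def honest_resolver(name):
    raise OSError("NXDOMAIN")

def rewriting_resolver(name):
    return [BLOCK_PAGE]

def run_demo():
    probes = random_probe_names()
    return (detect_wildcarding(honest_resolver, probes),
            detect_wildcarding(rewriting_resolver, probes))

if __name__ == "__main__":
    honest, rewritten = run_demo()
    print("honest resolver, wildcard addresses:", honest or "none")
    print("rewriting resolver, wildcard addresses:", rewritten)
```

An empty result from `detect_wildcarding(system_resolve, random_probe_names())` means the configured resolver did not answer for any of the bogus names.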