Re: [tor-talk] Tor with ttdnsd and unbound
On 04/29/2012 12:15 PM, Ondrej Mikle wrote:
> On 04/29/2012 03:49 PM, Tom wrote:
>> On 29 April 2012 12:53, anonym <anonym@xxxxxxxxxxx> wrote:
>>> So, you have to switch from using Google's DNS (which blocks Tor
>>> nowadays) to OpenDNS or whatever DNS server you trust. You'll still be
>>> unable to do multiple DNS requests at a time, though.
>> Yes, you are right! So for now I'm scrapping the ttdns+unbound idea, at
>> least until ttdnsd won't be fixed or, until (hopefully!) Tor won't implement
>> its own DNS tools.
>> Is there any other way to reliably resolve DNS queries through Tor?
> I wrote a HOWTO for DNS/DNSSEC over Tor with unbound+socat (IMHO if you're using
> unbound, drop ttdnsd altogether):
> Click 'English' on top of the page if you get the Czech version (it takes language
> preferences from headers sent by the browser; Referer sending must be enabled in
> the browser in order for the language switch to work).
I'm the current maintainer of ttdnsd and I fully support using something
that isn't such a hack.
I know that Paul Wouters and another unbound developer hacked together a
udp/tcp listener that only made outbound TCP connections. I think I made
some notes in the ttdnsd git repo at one point.
There was a patch that needed to be applied to unbound but I believe it
is now merged. If that is the case, I think that unbound and either
TransPort + iptables, socat, torsocks and unbound would be the best path
> I'm also working now on DNS/DNSSEC as a Tor hidden service over TLS, I'll post the
> HOWTO in a couple of days.
That sounds interesting.
>>  https://lists.torproject.org/pipermail/tor-dev/2012-March/003341.html
> The above proposal/implementation will take a while to finish, I've run into
> some technical quirks that need to be resolved (in order to have it working
> reasonably fast and not shoot yourself in the foot with some stupid design/coding
> That's also the reason I decided to try the "DNS as hidden service over TLS"
I think this doesn't scale very well but it's nevertheless quite
interesting as well!
All the best,
tor-talk mailing list