
Re: dns-proxy-tor / freecap



Apologies to the list if my web mail provider doesn't
include an in-reply-to header for threading.

Anothony Georgeo <anogeorgeo@xxxxxxxxx> wrote:
> >  - If so, is dns-proxy-tor a solution to this?
> 
> Yes, "Tor-Dns-Proxy" is one available solution,

As the author of dns-proxy-tor, I hope I can clear up
a few things about using it on Windows. If you've
properly configured every network application to use
Tor and you still see DNS requests leaking with a
packet sniffer, then dns-proxy-tor might be appropriate
for you. Leaks typically happen when an application
attempts to resolve a domain name instead of passing it
through directly to Tor with SOCKS4A or SOCKS5.

Privoxy solves this problem for HTTP and other
protocols when the application supports HTTP CONNECT.
Applications that properly support SOCKS4A or SOCKS5
also don't leak DNS requests. DNS leakage remains
a problem in every other situation.

> Tor-Dns-Proxy can be run from command line or as a
> service.  Unfortunately, I am unable to run
> Tor-Dns-Proxy as a service because the service won't
> start.  In my tests I ran it from command line.  The

Actually, no matter how you invoke the Windows binary
(win32/dns-proxy-tor.exe in the distribution), it will
always run as a service. The Windows "port" is really
an afterthought since I don't use Windows. In my
testing, once installed and started the service will
permanently remain in the "starting" state, never
advancing to "started". This is somehow related to the
PAR packaging, as it doesn't occur when running perl
directly. Regardless, dns-proxy-tor runs normally
despite the constant "starting" state.

> only problem I have with Tor-Dns-Proxy is the command
> line mode requires end-user input...You can't run
> "start Tor-Dns-Proxy" and have it launch, you need to
> type "continue" then it will begin routing the DNS
> queries.

What you're referring to must be something related to
Windows services and not to dns-proxy-tor in particular.
dns-proxy-tor itself is not interactive; it accepts
command line arguments and either terminates or runs
forever. Installing the service is the only way I
recommend using the provided binary.

> see it in action.  Also, if DNS routing slows you can
> clear the cache with the click of a button.

Tor caches DNS lookups internally, so I see no need for
another level of caching.

> Tor-Dns-Proxy.  The only reason I *don't* use
> Tor-Dns-Proxy is I can not automatically start it via
> command line (hopefully the author will correct this).

If you want to run tor-dns-proxy attached to a terminal,
i.e. not as a service in the background, you can install
perl and use the script (not the one in win32/) as you
would on Unix.
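
Added example, not part of the original message and not dns-proxy-tor code: the
message says leaks happen when an application resolves a name itself instead of
passing it to Tor with SOCKS4A or SOCKS5. The sketch below builds both
name-carrying requests and classifies a captured SOCKS CONNECT request by
whether it carries a hostname or only a literal IP. All function names and the
sample request are constructed for illustration.

```python
import socket
import struct

def build_socks4a_connect(host: str, port: int) -> bytes:
    """SOCKS4a CONNECT: destination IP 0.0.0.1 means 'hostname follows'."""
    return (struct.pack(">BBH", 4, 1, port) + bytes([0, 0, 0, 1])
            + b"\x00" + host.encode("ascii") + b"\x00")  # empty userid, then name

def build_socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT with ATYP 0x03 (domain name), sent after method negotiation."""
    name = host.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack(">H", port)

def classify_request(req: bytes) -> tuple:
    """Return (verdict, target). 'local-resolve' means only a literal IP was
    sent, so if a name was involved it was looked up outside the proxy."""
    if req[0] == 4:
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x
            userid_end = req.index(b"\x00", 8)
            host_end = req.index(b"\x00", userid_end + 1)
            return "proxy-resolve", req[userid_end + 1:host_end].decode("ascii")
        return "local-resolve", socket.inet_ntoa(ip)   # plain SOCKS4
    if req[0] == 5:
        atyp = req[3]
        if atyp == 3:                                  # length-prefixed domain
            return "proxy-resolve", req[5:5 + req[4]].decode("ascii")
        if atyp == 1:                                  # IPv4 literal
            return "local-resolve", socket.inet_ntoa(req[4:8])
        if atyp == 4:                                  # IPv6 literal
            return "local-resolve", socket.inet_ntop(socket.AF_INET6, req[4:20])
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")

# Constructed sample: plain SOCKS4 request from a client that already has an IP.
SOCKS4_PLAIN = struct.pack(">BBH", 4, 1, 80) + socket.inet_aton("192.0.2.10") + b"\x00"

if __name__ == "__main__":
    for label, req in [("socks4a", build_socks4a_connect("example.com", 80)),
                       ("socks5", build_socks5_connect("example.com", 80)),
                       ("socks4", SOCKS4_PLAIN)]:
        print(label, classify_request(req))
```

A "local-resolve" verdict on a request from an application that was given a
hostname is the case where a sniffer would be expected to show the DNS query.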