
Re: dns-proxy-tor / freecap



Anothony Georgeo <anogeorgeo@xxxxxxxxx> wrote [quoting adjusted]:

> Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
>> If you use it together with a decent packet filter,
>> you can make sure that there is no unencrypted
>> DNS traffic and connections from broken applications are
>> redirected into dns-proxy-tor or just fail.

> If the Windows DNS server is configured to route into 127.0.0.1
> (tor-dns-proxy) or 127.1.2.2 (TorDNS-Localhost) then a packet filter
> should not be required correct?

Correct, if you can trust your applications to use Windows'
DNS resolve functions without modifications. 
 
> Even if a broken app used its default, wouldn't the Windows DNS
> server _force_ the app to use the configured Windows DNS server
> address?

I don't know if an application can use Windows' resolve functions
and provide its own DNS server settings, but it's certainly possible
that an application brings its own DNS client with it and completely
circumvents Windows' DNS client functions.

Of course in that case the DNS leakage is probably
the least of your problems.

> Setting the "Preferred DNS Server" in Network Connections should force
> all DNS queries into the specified address, correct?

If the applications play by the rules and use Windows to do
their DNS requests, the requests will use the preferred DNS server.
Probably that's good enough, but I don't think "force" is the
right word here.

Fabian
-- 
http://www.fabiankeil.de/
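
An added illustration of the point discussed in this message (not part of the original mail and not dns-proxy-tor code): a check over packet-filter style flow records that flags DNS traffic going anywhere other than a loopback resolver such as 127.0.0.1 or 127.1.2.2. The log format, application names and non-loopback addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed sample flow records (hypothetical log format, not from the post).
SAMPLE_LOG = """\
udp 127.0.0.1:51000 -> 127.0.0.1:53 app=browser.exe
udp 127.0.0.1:51001 -> 127.1.2.2:53 app=mail.exe
udp 192.168.1.10:51002 -> 203.0.113.53:53 app=chat.exe
tcp 192.168.1.10:51003 -> 203.0.113.53:53 app=chat.exe
tcp 192.168.1.10:51004 -> 198.51.100.7:443 app=browser.exe
udp [::1]:51005 -> [::1]:53 app=updater.exe
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<proto>udp|tcp)\s+\S+\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s+app=(?P<app>\S+)$"
)


def find_dns_leaks(log_text, dns_port=53):
    """Return (proto, dst, app) for DNS flows that do not end on loopback.

    A flow to 127.0.0.0/8 or ::1 stays on the host and can be handed to the
    local proxy. Anything else on the DNS port left the machine directly,
    for instance from an application that ships its own DNS client and
    never consults the configured "Preferred DNS Server".
    """
    leaks = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match or int(match["dport"]) != dns_port:
            continue
        dst = ipaddress.ip_address(match["dst"].strip("[]"))
        if not dst.is_loopback:
            leaks.append((match["proto"], str(dst), match["app"]))
    return leaks


def leaking_apps(log_text):
    """Sorted names of applications seen sending DNS off-host."""
    return sorted({app for _, _, app in find_dns_leaks(log_text)})


if __name__ == "__main__":
    for proto, dst, app in find_dns_leaks(SAMPLE_LOG):
        print(f"DNS leak: {app} -> {dst} ({proto}/53)")
```

Both UDP and TCP are checked because DNS can use either; a packet filter rule that only covers UDP port 53 would miss the TCP flow in the sample.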
