[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Vidalia bundle DNS question



On Thu, Aug 18, 2011 at 07:00:20AM -0400, David H. Lipman wrote:
> From: "Andrew Lewman" <andrew@xxxxxxxxxxxxxx>
> > You can't.  DNS queries will go through Tor. If you query your local DNS
> > servers, your dns provider learns every domain you wish to visit. Even if they
> > don't see your traffic because it travels through tor, your dns lookups will
> > give away what you are doing, when, and how often.
> >
> 
> Well that's not good.  You see many DNS servers are poisoning the servers I wish to 
> contact and when I uses a specified DNS server I get to the host.

Huh? That sounds like a weird situation. Are you trying to circumvent a DNS-level "block"?

> When I do Tor many Tor connections have been DNS poisoned.
> I can't use my IP address more than once or I get rejected.

Again, that sounds like a weird situation and a misguided attempt to
secure something.

Anyway, you're basically trying to do something that will unmask your
browsing behaviour to the DNS server, as Andrew pointed out. Torbutton
won't let you do that, to the best of my knowledge. You can use a
browser (or a separate Firefox profile) where you set the SOCKS proxy to
Tor's listening port (127.0.0.1:9050, by default) and which doesn't do
DNS resolution over the proxy. Chrom{e,ium} does that by default, IIRC.
Firefox will do it if you browse to about:config and set
network.proxy.socks_remote_dns to false.

You can then also add the name you're trying to resolve to your hosts
file (as in, /etc/hosts or your OS's equivalent). That would stop most
DNS lookups.

The much safer alternative is to find at least a few Exit Nodes that
don't poison your DNS result and explicitly specify them using the .exit
TLD.

For instance, to visit www.weirdsite.com via exit Alice, use
www.weirdsite.com.alice.exit.

See https://trac.torproject.org/projects/tor/ticket/493 for a small
pitfall and some solutions when using a browser.

You can also use the ExitNodes configuration option to pass all your
traffic through a set of nodes. Of course, it reduces your anonymity
set. Remember to specify StrictNodes (for newer versions; see release notes)/StrictExitNodes (for
older versions).

Cheers,

Manuel
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk