
Re: [tor-talk] glibc's DNS lookups fail

I am incredibly sorry that my posts do not reference the right
Message-IDs.  This seems to be a bug in the webmail interface I am using.

>>> Chain POSTROUTING (policy ACCEPT)
>>> target     prot opt source               destination
>>> MASQUERADE  tcp  --    !    masq
>>> ports:
>>> 1024-65535
>>> MASQUERADE  udp  --    !    masq
>>> ports:
>>> 1024-65535
>>> MASQUERADE  all  --    !
>>> [...]
>>> (The POSTROUTING stuff is due to a VM I have running.)
>> I think your issues might be related to these rules, though. Could you
>> try without? Could you try to use SNAT with a specific IP address
>> instead of MASQUERADE? Could you try to filter based on output
>> interfaces instead of destination addresses?
> I tried without, no difference.  In fact, my problem is not related to
> iptables at all.  If I start tor with DNSPort set to 53, and set my
> nameserver in /etc/resolv.conf to, it does not work as well.
> (First lookup fails, consequent lookups succeed).

I think I am finally getting somewhere.  Netfilter definitely does not
cause my problem.  As I said in
http://archives.seul.org/or/talk/Feb-2012/msg00202.html, I wrote a simple
application that performs lookups using glibc. It turns out that all
lookups succeed if addrinfo.ai_family is AF_INET. If addrinfo.ai_family is
AF_UNSPEC (this is what gnutls-cli, openbsd netcat etc. are using), the
first lookup fails, subsequent lookups succeed.
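
A minimal reproducer for the comparison described in the message above, added here as an example; it is not the poster's program, and the function names lookup and probe and the default host name are assumptions. It calls getaddrinfo() several times per address family and prints every attempt, so a failure limited to the first AF_UNSPEC lookup shows up directly.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Resolve `host` with the given ai_family. Returns getaddrinfo()'s code
 * (0 on success) and stores the number of addresses returned in *count. */
int lookup(const char *host, int family, int *count)
{
    struct addrinfo hints, *res = NULL, *p;
    int rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* AF_INET: IPv4 only; AF_UNSPEC: IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM; /* one entry per address, not one per socket type */
    *count = 0;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;
    for (p = res; p != NULL; p = p->ai_next)
        (*count)++;
    freeaddrinfo(res);
    return 0;
}

/* Repeat the lookup `rounds` times, printing each result.
 * Returns how many of the attempts failed. */
int probe(const char *host, int family, const char *label, int rounds)
{
    int i, n, rc, failures = 0;
    for (i = 1; i <= rounds; i++) {
        rc = lookup(host, family, &n);
        if (rc != 0) {
            failures++;
            printf("%-9s #%d %s: FAILED (%s)\n", label, i, host, gai_strerror(rc));
        } else {
            printf("%-9s #%d %s: ok, %d address(es)\n", label, i, host, n);
        }
    }
    return failures;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost"; /* assumed default */
    return probe(host, AF_INET, "AF_INET", 3) + probe(host, AF_UNSPEC, "AF_UNSPEC", 3);
}
```

Pass a real host name as the first argument while /etc/resolv.conf points at the resolver under test; the exit status is the total number of failed attempts.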


