Re: transparent forced dns-'proxy' on Exit-Node - is it ok?



On Tue, 09 Jan 2007, herfel@xxxxxxx wrote:

> Hello,
> 
> for reasons that are not relevant to the question, my tor-node
> 'cannot' function as an exit-node. However I was thinking that it
> would be possible for me, to use iptables to force-route all outgoing
> dns-requests from the tor-IP to my local dns-server

Don't.

Just do not exit to port 53, so nobody will try to tunnel their DNS
requests over Tor through you - though I doubt many, if any, do this.

For the things Tor does resolve itself (like with normal exit requests
to say slashdot.com:80) just make sure your system can do DNS resolves
with the usual gethostbyname() libc call.  Or, if you are on 0.1.2.*
that your etc/resolv.conf has servers in it that work.

Peter
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/