Re: proxychains DNS leaks stopped

To: or-talk@xxxxxxxxxxxxx

Subject: Re: proxychains DNS leaks stopped

From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>

Date: Mon, 5 Jan 2009 23:11:13 -0800

Cc: or-talk@xxxxxxxx

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Tue, 06 Jan 2009 02:11:20 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=30JhZ7czWFR0SEunzDya2L36oLLMDIobC5cOUWUMcu4=; b=JI1ZnMU1JNO1hHSlmImGuGeh4SHmrGz43rCtBSLjNwbdij9Rsq9mSHYE1U+PWJ5uK+ BSokbwsLGEamk+ayrW8XJHysYeeO2ye6R5LdCm4TD9KcKshFv1ot+KxGYDw7mTEtjDAR Oye8pyng0VuvN+bzNymFa5lR40Cr9u71MWwdA=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=QOyTkPL3Mh75o5xEmQZdq/Jfz25k7aMM7tBwJ75HSZaYDB9t+Wr6Oob9SzelfxHvkZ jrNOPZH6+kwAe7UXhKQS3ZwO4ccZoGuURJkGUHI/kLyEXfsTfJdHarm0W5Xmc3wDtBpB ZJ5aTjNYBirkRJHluGLGGsBe5cKeALjwPv7nQ=

In-reply-to: <200901060657.n066v1xf011500@xxxxxxxxxxxxx>

References: <200901060657.n066v1xf011500@xxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

from the proxychains.conf file:

# Proxy DNS requests - no leak for DNS data

proxy_dns

I thought it would resolve against the specified SOCKS 4/5 proxy. Is this not happening?

- Kyle

On Mon, Jan 5, 2009 at 10:57 PM, Scott Bennett <bennett@xxxxxxxxxx> wrote:

After looking at the problem a moment, I tried replacing the last
line of the proxyresolv script in the proxychains package, which reads,

dig $1 @$DNS_SERVER +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'

with the following line:

env LD_PRELOAD="" tor-resolve $1

That seems to stop the leaks, but it still leaves tor complaining that
it was given an IP address instead of a host+domainname in the SOCKS5
connection. (I realize that this method also means that tor-resolve
will be used exclusively for name-to-address resolutions, instead of
whatever list of proxies may currently be the active list for proxychains
to use, but it does what I need for now.)

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************