
Best practice for DNS through tor



Hi everyone,

I'd like to set up a situation where users on a LAN can optionally reroute just their DNS queries through tor.  What I have is a gateway router where bind9 runs on udp 53 (caching only) and tor uses DNSPort 5300.  I'd like the users to be able to "do something" on their local computers which switches DNS queries to the router on port 5300 rather than 53.  Any suggestions on best practices?  Here's what I've tried:

1) I wrote a Perl script to proxy DNS from localhost:53 to router:5300 and then added "nameserver 127.0.0.1" in resolv.conf.  It works, but I would want to clean up the script or rewrite it in C before deploying.  This is my best solution.

2) I tried "nameserver 192.168.1.1:5300" in resolv.conf, but that syntax is not understood.

3) I tried redirection with iptables on the local host but I can't get that to work --- I'm not sure it's possible.  On the other hand, redirection on the router does work by port forwarding with the PREROUTING chain, and I can distinguish on a host-by-host basis, but it's a pain to set up something where the user just presses the "switch" button locally and then an iptables rule changes on the router.  I'd prefer solution #1 to this.

4) The -p option in dig works great, but I don't see how to wrap that in with ordinary DNS queries.

On a different note, there must be DNS caching in tor.  Is there a way to control that without jumping into the code?

-- 

Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA

(716) 829-8197
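A minimal version of the local forwarder from option 1, added here as an example in Python rather than the poster's Perl script; the router address 192.168.1.1, the unprivileged listen port 5353 and the timeout are assumptions. It connect()s the upstream socket so the kernel discards datagrams that do not come from the router's DNSPort, and it checks the transaction ID before handing a reply back.

```python
import socket
import struct

# Assumed values (not from the post): the router's Tor DNSPort and a local
# listener on an unprivileged port; point resolv.conf at 127.0.0.1 and use
# port 53 when running as root.
ROUTER_DNSPORT = ("192.168.1.1", 5300)
LISTEN = ("127.0.0.1", 5353)


def parse_question(packet):
    """Return (qname, qtype) of the first question in a DNS message."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return ".".join(labels), qtype


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal recursion-desired query (used for self-testing)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\0" + struct.pack("!HH", qtype, 1)


def forward(query, upstream=ROUTER_DNSPORT, timeout=10.0):
    """Relay one query to the DNSPort; only accept a reply with a matching ID."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        up.settimeout(timeout)
        up.connect(upstream)  # replies from any other peer are dropped by the kernel
        up.send(query)
        while True:
            reply = up.recv(4096)
            if reply[:2] == query[:2]:
                return reply


def serve():
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(LISTEN)
        while True:
            query, client = srv.recvfrom(4096)
            try:
                qname, qtype = parse_question(query)
                srv.sendto(forward(query), client)
            except (ValueError, socket.timeout) as exc:
                print("dropped query from %s:%d: %s" % (client[0], client[1], exc))


if __name__ == "__main__":
    serve()
```

Test it with `dig -p 5353 @127.0.0.1 example.com` before pointing resolv.conf at it.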


