
Living without Privoxy



Firefox nightly builds now have an option
"network.proxy.socks_remote_dns" which does what we need (passes
hostnames to Tor). You need to set up a SOCKS5 proxy as normal and then
go to about:config to set that option currently. They may have a GUI
for it in the next Firefox release.

This means that we can do without Privoxy given
http://extensionroom.mozdev.org/more-info/useragentswitcher and
sensible Firefox settings (nightly builds are much better about
deleting information on exit too), and this is a good thing.

(Note: there are still many issues unaddressed with browsers in
general, mostly relating to JavaScript.)


I've also just scribbled my thoughts about a more general solution
down (below), but the need for such a solution has just been reduced.


--------

We would like to write a caching DNS server which could sit on the
local machine and answer DNS queries by sending them to an OP.

    * We need to cache results because DNS over Tor is pretty slow
    * But what TTL do we use?
          o We would wish to use the highest possible, but SOCKS
            resolve destroys that information (actually, it never even
            gets passed to Tor at the other end)
    * We could add support for UDP over Tor (SOCKS5 supports UDP),
      that way a resolver could talk DNS directly to the servers.
    * Or we could add support for more DNS information over Tor.
          o This would require a libevent based DNS library (libdnsres
            will not do because it doesn't pass on TTL information)
          o This probably needs additional, specific, RELAY cells.
          o ADNS looks like it could work:
            http://www.chiark.greenend.org.uk/~ian/adns/


-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60
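
What "passes hostnames to Tor" means on the wire, as an added example that is not part of the original post: with remote DNS the SOCKS5 request (RFC 1928) carries the hostname as address type 0x03, while without it the client resolves the name itself and sends only an IP address. The function names, the stub resolver and the sample host are assumptions made for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types
ADDR_LEN = {ATYP_IPV4: 4, ATYP_IPV6: 16}


def build_connect(host, port, remote_dns, local_resolver=None):
    """Build the SOCKS5 CONNECT request a client sends for host:port."""
    if remote_dns:
        # Hostname travels inside the request; the proxy (Tor) resolves it.
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # Client resolves first: that DNS query bypasses the proxy.
        ip = ipaddress.ip_address(local_resolver(host))
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def classify_request(req):
    """Return (kind, target, port); kind is 'hostname' or 'ip'."""
    if len(req) < 7 or req[0] != 0x05 or req[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        start, size, kind = 5, req[4], "hostname"
    elif atyp in ADDR_LEN:
        start, size, kind = 4, ADDR_LEN[atyp], "ip"
    else:
        raise ValueError("unknown address type")
    raw, rest = req[start:start + size], req[start + size:]
    if len(raw) != size or len(rest) != 2:
        raise ValueError("truncated or oversized request")
    # 'ip' only shows that no name was supplied; the user may also have
    # typed an IP literal, so treat it as a hint of local resolution.
    target = raw.decode("ascii") if kind == "hostname" else str(ipaddress.ip_address(raw))
    return kind, target, struct.unpack("!H", rest)[0]


if __name__ == "__main__":
    # Constructed sample: the resolver stub returns a documentation address.
    stub = lambda name: "192.0.2.10"
    for remote in (True, False):
        req = build_connect("example.com", 80, remote, stub)
        print(remote, req.hex(), classify_request(req))
```

Running `classify_request` over the requests a local SOCKS listener receives shows whether a given browser configuration is still resolving names outside the proxy.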