[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?

On Wed, 2017-10-25 at 22:32 +0100, Geoff Down wrote:
> On Wed, Oct 25, 2017, at 10:01 PM, Rob van der Hoeven wrote:
> > On Wed, 2017-10-25 at 16:50 -0400, Allen wrote:
> > > and what happens if you use dig alone to talk directly to tor?
> > > something like "dig -p torport hostname +tcp" (see man dig)
> > > 
> > 
> > A good idea, but the Tor daemon expects that all traffic arriving
> > on
> > torport has been redirected by iptables. It asks IP tables for the
> > original destination, which is not there when you use dig directly
> > with
> > torport.
> > 
> > Rob,
> Haven't you answered your own question right there? Dig picks a
> nameserver from your /etc/resolv.conf, tries to connect to it, your
> kernel magic redirects the request via Tor, so the exit node connects
> to
> the nameserver from /etc/resolv.conf
> ?
> GD

Well, I think it works differently. What probably happens is that the
nameserver address from resolv.conf never reaches the exit node.
Instead the Tor daemon just remembers the address to use later on in
the reply. So the client never knows that the query was answered by
Tor. Sleepy programmers are fooled by this too ;-)


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to