[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Using unbound to resolve .onion domains

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Using unbound to resolve .onion domains
From: Ben Tasker <ben@xxxxxxxxxxxxxxx>
Date: Mon, 11 Sep 2017 11:40:40 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 11 Sep 2017 06:41:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bentasker.co.uk; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=2X6sYEUtVzSBpsaitIkVWaSJ8FwCBR2s87p9a4GvtQc=; b=gcKXMe10xtbW2NR7bUUA42mWLDBkmBS83Xc1gIwFDNFYCBdZmxKmUmBfZG56Pkro1K XtijhiuyfVRgwspkLcBcxFC0QBiyJIGVZyXi2orbMbta1JzyUtzSiBVAZSogOuKk+krW SOuSV8kZ9n/vRDk/c8nCsZhYjs+/r+948Ql4A=
In-reply-to: <20170911094549.iu7oysdpwxnri55i@kirkwall.lab.uxdom.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20170911092352.qnvrw6lu4eorr57q@kirkwall.lab.uxdom.org> <644bf94b-524f-2319-e0a7-363e801b3d02@tvdw.eu> <20170911094549.iu7oysdpwxnri55i@kirkwall.lab.uxdom.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Your config looks more or less exactly the same as mine (I allow tcp but
that's the only difference I can see).

If you do a dig from the unbound server to the BSD gateway do you get a
result?

dig @172.22.56.4#1053 protonirockerxow.onion

On Mon, Sep 11, 2017 at 10:45 AM, C. L. Martinez <carlopmart@xxxxxxxxx>
wrote:

> To resolve Tor's hostnames like for example ProtonMail. For example, If I
> do a query from FreeBSD's Tor gateway:
>
> root@torbsdgw:/var/log/tor # !345
> tor-resolve protonirockerxow.onion
> fe8d:ecdb:dc62:f60:6eda:15ea:39d9:b5c2
>
>  ... it works ...
>
> On Mon, Sep 11, 2017 at 12:16:23PM +0200, Tom van der Woerdt wrote:
> > Looks fine, you're getting NXDOMAIN, not SERVFAIL.
> >
> > What do you expect a DNS query for a .onion to return?
> >
> >
> > Op 11/09/2017 om 11:23 schreef C. L. Martinez:
> > > Hi all,
> > >
> > >  I am trying to figure out the best way to handle DNS requests to both
> clearnet and Tor onionland. Currently, I am using two virtual machines
> (both FreeBSD 11 based): one used as my internal DNS resolver and the other
> is a FreeBSD's tor gateway.
> > >
> > >  My unbound.conf's file in my internal DNS (unbound) is:
> > >
> > > server:
> > >     do-tcp: no
> > >     do-not-query-localhost: no
> > >         domain-insecure: "onion"
> > >         private-domain: "onion"
> > >
> > > forward-zone:
> > >         name: "onion"
> > >         forward-addr: 172.22.56.4@1053
> > >
> > >  And my FreeBSD's Tor gateway (172.22.56.4) is running Tor's DNS
> resolver:
> > >
> > > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN
> ADDRESS
> > > _tor     tor        89238 5  tcp4   127.0.0.1:9050        *:*
> > > _tor     tor        89238 6  udp4   *:1053                *:*
> > > _tor     tor        89238 7  tcp4   127.0.0.1:9040        *:*
> > > root     sendmail   40917 4  tcp4   127.0.0.1:25          *:*
> > > root     sshd       47802 4  tcp4   172.22.56.4:22        *:*
> > >
> > >  .. but If I try to resolve any .onion domain from my Unbound's
> internal DNS server it doesn't works:
> > >
> > > Server:         127.0.0.1
> > > Address:        127.0.0.1#53
> > >
> > > ** server can't find protonirockerxow.onion: NXDOMAIN
> > >
> > >  Any idea?? What is it wrong with my config?
> > >
> > > Thanks.
> > >
>
> --
> Greetings,
> C. L. Martinez
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Using unbound to resolve .onion domains
  - From: C. L. Martinez

References:
- [tor-talk] Using unbound to resolve .onion domains
  - From: C. L. Martinez
- Re: [tor-talk] Using unbound to resolve .onion domains
  - From: Tom van der Woerdt
- Re: [tor-talk] Using unbound to resolve .onion domains
  - From: C. L. Martinez

Prev by Author: Re: [tor-talk] Using unbound to resolve .onion domains
Next by Author: Re: [tor-talk] Tor bridges over ICMP or DNS
Previous by thread: Re: [tor-talk] Using unbound to resolve .onion domains
Next by thread: Re: [tor-talk] Using unbound to resolve .onion domains
Index(es):
- Author
- Thread