[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
---------------------------+----------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
---------------------------+----------------------------------
Someone recently posted this bug:
https://trac.torproject.org/projects/tor/ticket/16813
Which describes what appeared to be a serious DNS leak from Tor to the
Linux system's DNS management, nscd.
But the same thing is happening on OS X with mDNSResponder.
The following command: sudo killall -INFO mDNSResponder will dump the
contents of the DNS cache to system.log.
And within that I found one site that has *only* been visited via Tor
Browser.
I'm not sure why it was only one after a heavy Tor session, and subsequent
attempts to repeat this have not reproduced the problem.
Now I've learned this isn't new, others have commented the same in the
past:
https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/comment-page-1/#comment-965581
https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/comment-page-1/#comment-995659
I actually tested recent Tor Browser versions quite thoroughly from time
to time with tcpdump and inspecting the dump either by grepping for IP
addresses other than the expected entry node or inspecting in Wireshark
and have never seen a "live" DNS leak from Tor yet.
But it's difficult to tell from the mDNSResponder dump in system.log if
mDNSResponder is sometimes trying to look up domains visited over Tor in
clearnet.
The comments in the above 2 links believe that is the case and they
recommend mDNSResponder has to be disabled before Tor use.
The entry of the mDNSResponder dump in system log was:
Aug 30 02:29:23 mymachine mDNSResponder[39]: 78 4252 -U- Addr
4 tor-only-visited-site.com Addr 123.123.123.123
Can we get some *urgent* clarification about how Tor Browser is handling
this?
Is it merely the case that the system DNS service has to have access to
sites Tor is connecting to but isn't actually doing any DNS lookups in the
clear but they are just (sometimes?) ending up in its cache?
Or is it the case that if DNS lookups over Tor fail or stall they are being
passed to the system to "have a go"? Can we get some answers please,
because the information is currently extremely vague.
Note I believe in more recent versions of OS X mDNSResponder has been
replaced with a service called discoveryd, but I'm not using these
later versions.
Tor Browser version is the latest 5.02 OS X
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
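
The check described in the ticket (dump the cache with sudo killall -INFO mDNSResponder, then look through system.log for names visited only over Tor), as an added example that is not part of the original report. The log layout is assumed from the single entry quoted above; the function names, the sample lines and the watched domain are constructed.

```shell
#!/bin/sh
# Added example, not from the ticket: scan an mDNSResponder cache dump in
# system.log for names that should only ever have been resolved over Tor.
# Usage: scan_mdns_dump domain [domain ...] < /var/log/system.log
# Prints "Mon DD HH:MM:SS name" per hit; exit status 0 on a hit, 1 otherwise.
scan_mdns_dump() {
    awk -v watch="$*" '
    BEGIN { n = split(tolower(watch), w, " ") }
    # Only lines logged by mDNSResponder (syslog field 5 is "proc[pid]:").
    $5 ~ /^mDNSResponder\[[0-9]+\]:$/ {
        for (i = 6; i <= NF; i++) {
            name = tolower($i)
            sub(/\.$/, "", name)          # drop a trailing root dot
            for (j = 1; j <= n; j++) {
                d = w[j]
                # exact match, or a subdomain of the watched domain
                if (name == d || (length(name) > length(d) &&
                    substr(name, length(name) - length(d)) == "." d)) {
                    print $1, $2, $3, name
                    hits++
                    break
                }
            }
        }
    }
    END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample log, modelled on the entry quoted in the ticket.
sample_log() {
    cat <<'EOF'
Aug 30 02:29:23 mymachine mDNSResponder[39]: 78 4252 -U- Addr 4 tor-only-visited-site.com Addr 123.123.123.123
Aug 30 02:29:23 mymachine mDNSResponder[39]: 12 3100 -U- Addr 4 www.example.org Addr 192.0.2.10
Aug 30 02:29:24 mymachine kernel[0]: tor-only-visited-site.com mentioned by another process
Aug 30 02:29:25 mymachine mDNSResponder[39]: 40 1200 -U- Addr 4 cdn.Tor-Only-Visited-Site.com. Addr 198.51.100.7
Aug 30 02:29:26 mymachine mDNSResponder[39]: 9 600 -U- Addr 4 nottor-only-visited-site.com Addr 203.0.113.5
EOF
}

# Demo run on the constructed sample.
sample_log | scan_mdns_dump tor-only-visited-site.com
```

A hit shows only that the name is present in the dump; as the report says, the dump alone does not tell whether mDNSResponder looked the name up in clearnet.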