
#1 2007-08-30 03:52:57

stonerl
Member
Registered: 2007-05-28
Posts: 17

Tor and DNS resolving

Hiho together,

A few days ago I installed Tor, and so far everything is running. But I read some things about DNS when using Tor and I really don't have a clue what it means. First of all, in the Tor FAQ I read that I should use Privoxy because it eliminates some HTTP headers when doing a DNS request (because it uses SOCKS4a), and would make things more secure. So I read something about SOCKS, but I have no idea what the difference between SOCKS4/5 and SOCKS4a is.

On my system I'm using dnsmasq as a local DNS server, and dnsmasq sends its DNS requests to a DNS server in America. So I guessed I don't need Privoxy anymore, and configured Firefox to use Tor directly via SOCKS. But in the Tor logs I had this message:

Your application (using socks5 on port 8000) is giving Tor only an IP address. Applications that do 
DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. 
For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS.

So I installed FoxyProxy and set Firefox to use a SOCKS proxy (Tor) for DNS lookup. After doing this the message disappeared.

The question for me is: do I need Privoxy and/or DNS lookup through the Tor network, or is it enough to have dnsmasq as my DNS server? Because I really did not find much information about this. (Maybe I should try harder.)

regards, stonerl

Edit: OK, I read something about what Privoxy is doing; it seems that, if configured correctly, Privoxy sends DNS requests through the Tor network. So does that mean that when I use dnsmasq and my local DNS cache does not contain e.g. www.archlinux.org, dnsmasq sends a request to the DNS server I set in the config, and this is the weak point they talk about when saying to use Privoxy?

Last edited by stonerl (2007-08-30 04:13:49)

Offline

#2 2007-12-05 13:49:43

morphis
Member
Registered: 2007-04-03
Posts: 3

Re: Tor and DNS resolving

Yes, I think this is the point.
There are some differences between the versions of the SOCKS protocol.
SOCKS 4: accepts only IP addresses; the application or the DNS client first resolves the hostname.
SOCKS 4a: accepts only hostnames; (no) resolving of the hostname by the application; depends on how SOCKS 4a is implemented.
SOCKS 5: accepts hostnames and IP addresses; applications often use a DNS client to resolve the hostname.

So if you use an HTTP/HTTPS proxy server, all DNS requests go through it. If not, the application tries to resolve the hostname in its own way. Your Firefox can be configured to avoid this: use Tor as a SOCKS proxy and enable the 'network.proxy.socks_remote_dns' flag in the about:config dialog.

Offline
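
The difference discussed in this thread is visible in the bytes a client sends to the SOCKS proxy. The following is an added example (not part of the original posts and not Tor's own code) that parses a SOCKS CONNECT request and flags the case Tor's log message warns about, where the proxy is given only an IP address. The sample requests are constructed, and 192.0.2.10 is a placeholder address.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes):
    """Return (protocol, destination, ip_only) for one SOCKS CONNECT request.

    ip_only=True is the case Tor's log warns about: the proxy received only an
    IP address, so any hostname lookup happened outside the proxy.
    """
    version = data[0]
    if version == 4:
        # VER CMD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        _port, raw_ip = struct.unpack("!H4s", data[2:8])
        _userid, _, tail = data[8:].partition(b"\x00")
        # SOCKS4a marks "hostname follows" with the invalid address 0.0.0.x, x != 0
        if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
            host = tail.split(b"\x00", 1)[0].decode("ascii")
            return "SOCKS4a", host, False
        return "SOCKS4", str(ipaddress.IPv4Address(raw_ip)), True
    if version == 5:
        # VER CMD RSV ATYP DST.ADDR DST.PORT (sent after method negotiation)
        atyp = data[3]
        if atyp == 0x03:  # domain name, length-prefixed
            return "SOCKS5", data[5:5 + data[4]].decode("ascii"), False
        if atyp == 0x01:  # IPv4
            return "SOCKS5", str(ipaddress.IPv4Address(data[4:8])), True
        if atyp == 0x04:  # IPv6
            return "SOCKS5", str(ipaddress.IPv6Address(data[4:20])), True
        raise ValueError(f"unknown SOCKS5 address type {atyp:#x}")
    raise ValueError(f"not a SOCKS4/5 request (version byte {version})")

# Constructed sample requests; 192.0.2.10 is a documentation placeholder address.
HOST = b"www.archlinux.org"
PORT = struct.pack("!H", 80)
IP = bytes([192, 0, 2, 10])
SAMPLES = {
    "socks4": b"\x04\x01" + PORT + IP + b"user\x00",
    "socks4a": b"\x04\x01" + PORT + b"\x00\x00\x00\x01" + b"user\x00" + HOST + b"\x00",
    "socks5_ip": b"\x05\x01\x00\x01" + IP + PORT,
    "socks5_name": b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + PORT,
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        proto, dest, ip_only = classify_socks_request(request)
        note = "IP only, name was resolved elsewhere" if ip_only else "hostname passed to proxy"
        print(f"{name:12} {proto:8} {dest:20} {note}")
```

The `socks5_ip` sample corresponds to the situation in the log message quoted in the first post; the `socks5_name` sample is the form a client sends when it leaves name resolution to the proxy.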
