Phil wrote: > > I realize this needs a fix not a workaround, but if a workaround is enough > for now you could try running lynx via proxychains --> tor > > Proxychains might grab all the DNS requests.
Thanks for your response. Now that I know lynx doesn't leak DNS when the protocol (e.g. http://) in included, using full URLs is enough of a "workaround" for me. (And a relief that I haven't been leaking all of this time.) For everybody's information, I think I learned more about the leaks while I was playing with proxychains. It *appears* that lynx is using DNS to try variations on the supplied name to find one that works. (Maybe there is an option to stop this?) So while I have a solution for myself, I think people using lynx with tor ought to be warned about this. > You could also probably leave privoxy in the proxy chain or test it with and > without. > > I haven't tried this with lynx, but proxychains does work with tor. I have tried using proxychains to chain to privoxy. Trying to chain directly to Tor would require more fiddling and I haven't tried that. Lynx couldn't get to the website *and* it DNS leaked. Maybe I didn't have it configured correctly? (privoxy is listening on 192.168.1.27:8119) The non-comment, non-blank lines of the configuration file were: strict_chain tcp_read_time_out 15000 tcp_connect_time_out 10000 [ProxyList] http 192.168.1.27 8119 I used the command: proxychains lynx http://torcheck.xenobite.eu With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then proxychains terminated the connection. The page request was not logged in Privoxy's logfile. proxychains reported: "strict chain:....192.168.1.27:8119..broken", and backgrounded and stopped lynx. # tcpdump -nni eth0 not tcp port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A? torcheck.xenobite.eu. (38) 23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A 217.160.111.190 (137) 23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S 3021896822:3021896822(0) win 5840 <mss 1460,sackOK,timestamp 709785 0,nop,wscale 5> 23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S 3677520579:3677520579(0) ack 3021896823 win 5792 <mss 1460,sackOK,timestamp 4633540 709785,nop,wscale 2> 23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win 183 <nop,nop,timestamp 709785 4633540> 23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack 1 win 183 <nop,nop,timestamp 709785 4633540> 23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53) ack 2 win 1448 <nop,nop,timestamp 4633540 709785> 23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0 23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0) ack 2 win 1448 <nop,nop,timestamp 4633540 709785> 23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0