Re: [tor-dev] Requesting feedback on TorDNSd v1.1
how i can confirm that all dns traffic are going through tor proxy after running tordsn thx Date: Tue, 26 Jul 2011 23:43:41 + From: m8rovp...@gmail.com To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Requesting feedback on TorDNSd v1.1 Hello, + Currently, when a query fails, it'll use the next configured DNS server and reattempt to query on that one. Nothing special is done at the moment, but I'm open for suggestions. + A possible issue I see is that retrying a(n invalid) query on all possible domains may give a delay since it'll attempt to query all configured dns servers. + If I had to add additional DNS servers, I'd add in the OpenDNS servers. I'd like to add that one of the other nice features of TorDNSd are the filters : An internet connection not leaking out any DNS requests could look suspicious, but using 'filter-direct' rules you could define a couple of 'legal' queries to leak 'on purpose'. - LETO On Tue, Jul 26, 2011 at 11:16 PM, intrigeri intrig...@boum.org wrote: Hi, LETO wrote (26 Jul 2011 22:45:21 GMT) : It can use one or multiple remote dns servers (by default the google ones) meaning you can perform all queries (not just 'A' ones) Ok. I see the point of using ttdnsd-like functionality to supplement what the Tor DNS resolver is able to achieve itself. See our page about this issue on the Tails wiki in case you want to understand the place I'm speaking from: https://tails.boum.org/todo/support_arbitrary_dns_queries/ I also see the point of not granting one (and maybe a few) company/ies the power to decide example.com does not exist for TorDNSd (and Tails) users. Hence my past, present and future questions: How exactly does TorDNSd deal with multiple remote DNS servers? What issues could be possibly caused by using multiple remote DNS recursive servers by default in TorDNSd? What additional recursive servers would you consider worth adding to the default TorDNSd configuration? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Did you exchange a walk on part in the war | for a lead role in the cage? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Requesting feedback on TorDNSd v1.1
Hi, LETO wrote (24 Jul 2011 15:46:11 GMT) : Could some of you be so kind to try out my latest version of TorDNSd? It works a lot like ttdnsd with some additional features: Does TorDNSd use a single remote recursive DNS listener as its main source, like ttdnsd does? Or does it use the Tor resolver for requests it is able to deal with (namely: A requests)? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | So what? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Requesting feedback on TorDNSd v1.1
It can use one or multiple remote dns servers (by default the google ones) meaning you can perform all queries (not just 'A' ones) - LETO On Tue, Jul 26, 2011 at 10:26 PM, intrigeri intrig...@boum.org wrote: Hi, LETO wrote (24 Jul 2011 15:46:11 GMT) : Could some of you be so kind to try out my latest version of TorDNSd? It works a lot like ttdnsd with some additional features: Does TorDNSd use a single remote recursive DNS listener as its main source, like ttdnsd does? Or does it use the Tor resolver for requests it is able to deal with (namely: A requests)? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | So what? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Requesting feedback on TorDNSd v1.1
Hi, LETO wrote (26 Jul 2011 22:45:21 GMT) : It can use one or multiple remote dns servers (by default the google ones) meaning you can perform all queries (not just 'A' ones) Ok. I see the point of using ttdnsd-like functionality to supplement what the Tor DNS resolver is able to achieve itself. See our page about this issue on the Tails wiki in case you want to understand the place I'm speaking from: https://tails.boum.org/todo/support_arbitrary_dns_queries/ I also see the point of not granting one (and maybe a few) company/ies the power to decide example.com does not exist for TorDNSd (and Tails) users. Hence my past, present and future questions: How exactly does TorDNSd deal with multiple remote DNS servers? What issues could be possibly caused by using multiple remote DNS recursive servers by default in TorDNSd? What additional recursive servers would you consider worth adding to the default TorDNSd configuration? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Did you exchange a walk on part in the war | for a lead role in the cage? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Requesting feedback on TorDNSd v1.1
Hello, + Currently, when a query fails, it'll use the next configured DNS server and reattempt to query on that one. Nothing special is done at the moment, but I'm open for suggestions. + A possible issue I see is that retrying a(n invalid) query on all possible domains may give a delay since it'll attempt to query all configured dns servers. + If I had to add additional DNS servers, I'd add in the OpenDNS servers. I'd like to add that one of the other nice features of TorDNSd are the filters : An internet connection not leaking out any DNS requests could look suspicious, but using 'filter-direct' rules you could define a couple of 'legal' queries to leak 'on purpose'. - LETO On Tue, Jul 26, 2011 at 11:16 PM, intrigeri intrig...@boum.org wrote: Hi, LETO wrote (26 Jul 2011 22:45:21 GMT) : It can use one or multiple remote dns servers (by default the google ones) meaning you can perform all queries (not just 'A' ones) Ok. I see the point of using ttdnsd-like functionality to supplement what the Tor DNS resolver is able to achieve itself. See our page about this issue on the Tails wiki in case you want to understand the place I'm speaking from: https://tails.boum.org/todo/support_arbitrary_dns_queries/ I also see the point of not granting one (and maybe a few) company/ies the power to decide example.com does not exist for TorDNSd (and Tails) users. Hence my past, present and future questions: How exactly does TorDNSd deal with multiple remote DNS servers? What issues could be possibly caused by using multiple remote DNS recursive servers by default in TorDNSd? What additional recursive servers would you consider worth adding to the default TorDNSd configuration? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Did you exchange a walk on part in the war | for a lead role in the cage? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Requesting feedback on TorDNSd v1.1
Could some of you be so kind to try out my latest version of TorDNSd? It works a lot like ttdnsd with some additional features: - Filters to tell TorDNSd what requests to forward directly, forward through the SOCKS proxy or reject. - Remaps to define your own query replies (Currently only supports A, MX and NS replies) - Interactive shell (tordnsd-shell.exe): config-add settings and see them in action right away, will add extra features in the future. - Accepts both UDP and TPC DNS requests, forwards both through TCP requests - Basic caching of replies (optional) The rejects are handy to for example prevent leaking .onion requests (or any request if you want) You can also find some additional information about this release on my blog ( http://leto-r.blogspot.com/2011/07/tordnsd-v11-is-out.html ) It is written in C# and has been tested by myself under mono 2.6.7 / ubuntu natty. Check the default configuration @ https://raw.github.com/LETO-R/TorDNSd/b7aa04e980ad62308d4f2fa3143700c85b537de7/TorDNSd/tordnsd.conffor the full list of available settings. You can either download the mono compatible bins ( https://github.com/downloads/LETO-R/TorDNSd/tordnsd-v1.1-all-bin.zip ) or the windows installer ( https://github.com/downloads/LETO-R/TorDNSd/tordnsd-v1.1-win-setup.exe ) You can find the source code of these bins @ https://github.com/LETO-R/TorDNSd/tree/b7aa04e980ad62308d4f2fa3143700c85b537de7(make sure to get the submodules too) The sourcecode should be compilable using either MonoDevelop 2.4.2 (using the mono runtime) or Visual Studio 2010. If you do not run it as root on a non-windows system, a fatal error is printed since TorDNSd will most likely not be able to bind on port 53. Specify --no-root to skip this check. Kind of feedback I'd like of you: - What OS did you try it on? When ran using mono, what version? - Did it work? Did it require the elevated rights (root / administrator)? Did the root-checking work on non-windows systems? - Did the shell work for you? If not, what issues did you notice? Any improvements that you suggest? - Are the settings explained well enough (check tordnsd.conf)? - Is the supplied default configuration sufficient? Any filter / remaps I forgot? - Any other feedback you can think of, don't hold back! This is my first attempt at a cross-platform .NET project that contains some non-windows specific code / workarounds (mostly for the shell) so I really could use the feedback. If you do not wish to run it as your main dns resolver 'just yet', you can always test it by using dig (examples: 'dig @127.0.0.1 bla.onion' to test rejection, or 'dig @127.0.0.1 vescum.tor' to test the remap feature) All I ask is to stay constructive. If you wonder, I constantly have TorDNSd (shell) running now and have configured it as my main dns resolver as I consider it secure. Hope you find this to be true as well. - LETO ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
