Ague Mill:
> Hi!
>
> Since we now include Torbrowser patches, we gained the
> `network.proxy.socks_remote_dns` preference.
>
> It's implemented in:
> <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch>
>
> When this option is true, Firefox will fail every name resolving request
> that is not going through a proxy (except when asked the noop that is
> resolving an IP address).
>
> socks_remote_dns is set to true by Torbutton. This is currently seen as
> mandatory: when set to false, Torbutton assumes we are out of "Tor mode"
> and displays a broken onion.
>
> This state of affairs currently breaks (at least) two things in Tails
> 0.14:
>
>  * Access to the I2P router console through `http://localhost:7657/`.
>  * The Monkeysphere extension is not able to connect to the validation
>    agent. (This one also requires a new whitelist rule in FoxyProxy
>    to fully work again.)
>
> Both can be fixed by using `127.0.0.1` instead of `localhost`. That's
> good enough if there's not an army of similar issues behind.
>
> But given that Tails system resolver is using Tor, this already takes care
> of the leaks that `socks_remote_dns` prevents. So we could also modify
> Torbutton to think good things about our torified system resolver.

"socks_remote_dns true" uses Tor Browser's socks port (SocksPort) for DNS
resolution while "socks_remote_dns false" uses the torified system DNS
resolver (DnsPort). SocksPort and DnsPort are stream isolated.

I recommend against using "socks_remote_dns false". It would lead to having
a different Tor circuit resolving DNS, thus worsening Tails's web
fingerprint. (http://check2ip.com/ demonstrates showing your DNS server)

Cheers,
adrelanos
_______________________________________________
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
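
Added example, not part of the original thread or of Tails/Torbutton code: a small audit that finds locally configured URLs which would hit the failure described above (a name that bypasses the proxy and therefore needs a local lookup) and proposes the `127.0.0.1` form. The bypass list `BYPASS`, the function names and every sample URL except `http://localhost:7657/` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Assumed proxy-bypass list; the thread does not state the real one.
BYPASS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample input; only the I2P console URL comes from the thread.
SAMPLE = [
    "http://localhost:7657/",
    "http://127.0.0.1:7657/",
    "http://[::1]:7657/",
    "https://example.org/",
]

def is_ip_literal(host):
    """True when the host needs no name resolution at all."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url, bypass=BYPASS):
    """Return 'proxied', 'direct-ip' or 'blocked-lookup' for one URL."""
    host = urlsplit(url).hostname or ""
    if host not in bypass:
        return "proxied"         # the name is handed to the SOCKS proxy
    if is_ip_literal(host):
        return "direct-ip"       # no-op resolution, still allowed
    return "blocked-lookup"      # local lookup, refused by socks_remote_dns

def rewrite(url):
    """Swap the host for 127.0.0.1, keeping scheme, port, path and query."""
    parts = urlsplit(url)
    netloc = "127.0.0.1" + (f":{parts.port}" if parts.port else "")
    return urlunsplit(parts._replace(netloc=netloc))

def audit(urls, bypass=BYPASS):
    """List (url, suggested replacement) for every URL that would fail."""
    return [(u, rewrite(u)) for u in urls
            if classify(u, bypass) == "blocked-lookup"]

if __name__ == "__main__":
    for old, new in audit(SAMPLE):
        print(f"{old} -> {new}")
```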