Hi,

I would appreciate feedback on how best to go about setting unbound to handle queries for tor services/domains.

Running a tor daemon client node as SOCKS5 proxy with username/password credentials @ 192.168.112.12:9100 (tcp)

First off my understanding is that < onion. | test. | invalid. > by unbound's default are resulting in nx and thus would start off with:

    server:
        domain-insecure: onion
        local-zone: "onion." static
        local-data: "onion. IN A 192.168.112.12"
        tls-cert-bundle: "/path/to/tor/cached-certs"
        trust-anchor-file: "/path/to/tor/cached-microdesc-consensus"

Not sure whether/how unbound would interpret the trust-anchor-file and whether it can be even considered a trust-anchor?

and then perhaps

    forward-zone:
        name: "onion."
        forward-addr: 192.168.112.12@9100

And there it stops with username/password credentials for the SOCKS5 proxy since I could not find a directive for unbound to parse those. Would the unbound queries work anyway if the tor node would be running as SOCKS5 proxy but sans credentials?

Since tor node is caching < cached-microdescs > I was wondering whether that could perhaps satisfy auth-zone as opposed to forwarding (and thus avoiding querying the SOCKS5 proxy)?

    auth-zone:
        name: "onion."
        for-downstream: no
        fallback-enabled: no
        zonefile: "/path/to/tor/cached-microdescs"
