resolving DNS via Tor

When I am using Tor, and not using the Tor bundle, there is a possibility of DNS leaks in certain situations.

What can be done to minimize it? Is it possible to resolve DNS via Tor?

Answers:


Method 1

To minimize DNS leaks, it is indeed possible to resolve DNS via Tor.

For that, add to your /etc/tor/torrc the line:

DNSPort 9053

And restart the tor service with:

service tor restart

To test it out, do:

$ nslookup
set port=9053
server 127.0.0.1
www.cnn.com

If using resolvconf/dnsmasq, change your /etc/dnsmasq.conf:

 no-resolv
 server=127.0.0.1#9053
 listen-address=127.0.0.1

If simply using /etc/resolv.conf that is not changed by a DHCP configuration, change /etc/resolv.conf to:

nameserver 127.0.0.1#9053

or in BIND place in /etc/bind/named.conf.options:

options {
    forwarders {
        127.0.0.1 port 9053;
    };
};

Using a reputable dnscrypt service is in principle more secure than leaving your DNS resolution up to some element in the chain of the Tor network; see Configure BIND as Forwarder only (no root hints), encrypted + RPZ blacklist / whitelist all together.

Also take note that resolving DNS via a Tor gateway is notably slower, and it is strongly advised to have a local cache such as dnsmasq or BIND.

I will leave here the source of the article from which I have taken the dnsmasq configuration: Resolve DNS through Tor

Interestingly enough, as a complementary/alternative approach, the strategy used by redsocks for handling UDP DNS requests is giving an invalid answer to any UDP DNS request via dnstc to force the operation of DNS via TCP, and thus facilitate the proxying of DNS via Tor.

See also Visiting darknet/ Tor sites with Firefox
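The torrc, dnsmasq.conf and resolv.conf settings from Method 1 can be checked together for a remaining plain-DNS path. The following is an added example, not part of the original answer; the function names and sample file contents are constructed for illustration, and it assumes Tor's DNSPort listens on 127.0.0.1.

```python
import ipaddress
import re

def directives(text):
    """Return non-empty config lines, skipping lines that start with '#'."""
    lines = (line.strip() for line in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def tor_dns_port(torrc):
    """Port from a 'DNSPort [address:]port' line of torrc text, or None."""
    for line in directives(torrc):
        m = re.match(r"DNSPort\s+(?:\S+:)?(\d+)\b", line, re.I)
        if m and int(m.group(1)) > 0:
            return int(m.group(1))
    return None

def audit(torrc, dnsmasq_conf, resolv_conf):
    """Return findings; an empty list means no plain-DNS path was found."""
    findings = []
    port = tor_dns_port(torrc)
    if port is None:
        findings.append("torrc: no DNSPort set")
    tor_upstream = f"127.0.0.1#{port}"  # assumes Tor listens on 127.0.0.1
    dm = directives(dnsmasq_conf)
    if "no-resolv" not in dm:
        findings.append("dnsmasq: no-resolv missing")
    servers = [ln.split("=", 1)[1].strip() for ln in dm if ln.startswith("server=")]
    if tor_upstream not in servers:
        findings.append("dnsmasq: no server= entry for Tor's DNSPort")
    findings += [f"dnsmasq: upstream {s} bypasses Tor"
                 for s in servers if s != tor_upstream]
    for line in directives(resolv_conf):
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # resolv.conf(5) takes a bare IP address; "addr#port" is not one
            if not ipaddress.ip_address(fields[1]).is_loopback:
                findings.append(f"resolv.conf: {fields[1]} is not local")
        except ValueError:
            findings.append(f"resolv.conf: {fields[1]} is not a plain IP address")
    return findings

# Constructed sample files (192.0.2.53 is a documentation address)
TORRC = "DNSPort 9053\n"
GOOD_DNSMASQ = "no-resolv\nserver=127.0.0.1#9053\nlisten-address=127.0.0.1\n"
BAD_DNSMASQ = "server=127.0.0.1#9053\nserver=192.0.2.53\n"
BAD_RESOLV = "nameserver 127.0.0.1#9053\nnameserver 192.0.2.53\n"
```

Calling `audit(TORRC, GOOD_DNSMASQ, "nameserver 127.0.0.1\n")` returns an empty list, while the `BAD_*` samples produce one finding per leak path.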

Method 2

This issue will stay as it is if you are using a secure browser like Tor; it will always leak the DNS. Use OpenVPN behind Tor…


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
