[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 30 06:24:11 UTC 2015
#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
---------------------------+----------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
---------------------------+----------------------------------
Someone recently posted this bug:
https://trac.torproject.org/projects/tor/ticket/16813
It describes what appeared to be a serious DNS leak from Tor to the
Linux system’s DNS management, nscd.
But the same thing is happening on OS X with mDNSResponder.
The following command: sudo killall -INFO mDNSResponder will dump the
contents of the DNS cache to system.log.
And within that I found one site that has *only* been visited via Tor
Browser.
I’m not sure why it was only one after a heavy Tor session, and subsequent
attempts to repeat this have not reproduced the problem.
Now I’ve learned this isn’t new, others have commented the same in the
past:
https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/comment-page-1/#comment-965581
https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/comment-page-1/#comment-995659
I actually tested recent Tor Browser versions quite thoroughly from time
to time with tcpdump and inspecting the dump either by grepping for IP
addresses other than the expected entry node or inspecting in Wireshark
and have never seen a ‘live’ DNS leak from Tor yet.
But it’s difficult to tell from the mDNSResponder dump in system.log if
mDNSResponder is sometimes trying to look up domains visited over Tor in
clearnet.
The comments in the above 2 links believe that is the case and they
recommend mDNSResponder has to be disabled before Tor use.
The entry of the mDNSResponder dump in system log was:
Aug 30 02:29:23 mymachine mDNSResponder[39]: 78 4252 -U- Addr 4 tor-only-visited-site.com Addr 123.123.123.123
Can we get some *urgent* clarification about how Tor Browser is handling
this?
Is it merely the case that the system DNS service has to have access to
sites Tor is connecting to but isn’t actually doing any DNS lookups in the
clear but they are just (sometimes?) ending up in its cache?
Or is it the case that if DNS lookups over Tor fail or stall they are being
passed to the system to ‘have a go’? Can we get some answers please,
because the information is currently extremely vague.
Note I believe in more recent versions of OS X mDNSResponder has been
replaced with a service called discoveryd, but I’m not using these
later versions.
Tor Browser version is the latest 5.02 OS X
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
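
The manual check described in the ticket (dump the cache with sudo killall -INFO mDNSResponder, then look through system.log for names visited only over Tor) can be scripted. The following is an added example, not part of the original ticket or of any Tor Project code; the record layout is assumed from the single log line quoted above, and the second and third sample lines and the function names are constructed for illustration.

```python
import re

# Layout assumed from the one cache-dump line quoted in the ticket:
#   <date> <host> mDNSResponder[<pid>]: <n> <n> <flags> Addr <n> <name> Addr <ip>
CACHE_LINE = re.compile(
    r"mDNSResponder\[\d+\]:\s+\d+\s+\d+\s+\S+\s+Addr\s+\d+\s+"
    r"(?P<name>\S+)\s+Addr\s+(?P<addr>\S+)"
)
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s")

# Constructed sample. The first record is split across two lines, as mail
# wrapping can do; the other two lines are invented for this example.
SAMPLE_LOG = """\
Aug 30 02:29:23 mymachine mDNSResponder[39]: 78 4252 -U- Addr
4 tor-only-visited-site.com Addr 123.123.123.123
Aug 30 02:29:23 mymachine mDNSResponder[39]: 12 3100 -U- Addr 4 www.example.org. Addr 192.0.2.10
Aug 30 02:29:24 mymachine kernel[0]: unrelated line
"""

def unwrap(log_text):
    """Rejoin records that were wrapped onto a continuation line."""
    records = []
    for line in log_text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def normalise(name):
    return name.rstrip(".").lower()

def tor_only_hits(log_text, tor_only_domains):
    """Return (name, address) for cached Addr records that match a domain
    on the watch list, either exactly or as a subdomain."""
    watch = {normalise(d) for d in tor_only_domains}
    hits = []
    for record in unwrap(log_text):
        m = CACHE_LINE.search(record)
        if not m:
            continue
        name = normalise(m.group("name"))
        if any(name == d or name.endswith("." + d) for d in watch):
            hits.append((name, m.group("addr")))
    return hits

if __name__ == "__main__":
    for name, addr in tor_only_hits(SAMPLE_LOG, ["tor-only-visited-site.com"]):
        print(f"cached: {name} -> {addr}")
```

A hit only shows that the name is present in the system cache; as the ticket notes, the dump alone does not show whether a clearnet lookup was made.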