ff 1.5.0.7 & 2.0 (remote) dns leaks when using tor

lester psigal lesterpsigal at yahoo.de
Fri Nov 17 23:38:12 UTC 2006


Mike Perry wrote:
> Thus spake lester psigal (lesterpsigal at yahoo.de):
>
>
>> hi there,
>> i've got a setup for anonymous browsing using firefox 1.5.0.7 and
>> lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2.
>> the ff configuration option 'network.proxy.socks_remote_dns' is set to
>> true, the setting 'network.proxy.failover_timeout' is set to 50000 and
>> the 'network.proxy.socks_version' is set to 5 but the ethereal logs show
>> that firefox is still leaking dns requests, i.e. ff still does the
>> lookups itself and does not delegate them to the proxy (which is not
>> quite true: the dns requests are always delegated to the proxy and
>> _sometimes_ to the local dns client too).
>> to make it worse the leaks are occurring randomly (sometimes the remote
>> dns works and sometimes not), so i'm guessing that it is a timeout issue.
>> does ff fallback to local dns lookup when a remote lookup request is not
>> answered in a timely manner or is it a failure with the os dns client or
>> even a ff bug?
>> what else could be done to prevent ff from dns leaking?
>>
>> any hints or suggestions would be very nice as it does not make any
>> sense to me to operate a quite complex and complicated system for
>> anonymous browsing when tracking of dns requests is all
>> a profiling facility has to do...
>>
>> thanks
>>
>> p.s. i've already posted the same message to the mozillazine ff
>> general forum without getting an answer
>>
>
> Well, just so you don't feel that everyone is ignoring you, I'll voice
> most of our reactions: *shock*, *eyes popping*. Woops, time to turn
> privoxy back on (use HTTP proxy port 8118 and don't list anything in
> the SOCKS line).
>
> Were you able to determine exactly what network.proxy.failover_timeout
> governed? Was it just DNS? Did it have any effect at all on the
> behavior? Perhaps the units are milliseconds. Sometimes Tor takes as
> long as a minute to build a new circuit...
>
> It would be logical if either 0 or -1 meant infinite.. Did you try
> those?

thanks for your reply, you're right that i'm quite worried about such
an issue and felt slightly irritated as well...

what i forgot to mention is that my installation of firefox uses
torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy
settings for the vidalia bundle, that is http/s: localhost:8118
and socksv5 localhost:9050.
that's alright so far.
i was wondering if i got a special problem with my installation or if
that is a problem of a more general type, but according to the feedback
and other (non-existent) postings it must be a special one, or perhaps a
lot of people are thinking they surf anonymously but still leak their
dns requests...
anyway, i've tried to solve the problem more systematically:
i've cleared the cache, tried some web addresses and checked the
ethereal logs and it turns out that with the
settings mentioned above on each url a local udp dns request occurs,
while the tor log reads:
-
Nov 16 14:07:08:052 [Notice] fetch_from_buf_socks(): Your application
(using socks4a on port 80) gave Tor a hostname, which means Tor will do
the DNS resolve for you. This is good.
-
one log entry for each request privoxy makes.
this must be wrong because i'm using mozilla thunderbird with the
torbutton add-on too (same settings). over here no local dns lookup occurs
and the tor log entry reads:
-
Nov 16 14:26:24:434 [Notice] fetch_from_buf_socks(): Your application
(using socks5 on port 995) gave Tor a hostname, which means Tor will do
the DNS resolve for you. This is good.
-
which means thunderbird connects directly to the tor client and speaks
socks v5 (and not socks 4a !). the dns query is resolved via the
circuit as intended...
so i was expecting that firefox does the same: first resolve the dns
name via the socks 5 tor client and then retrieve the http/s content via
privoxy/tor...

then, i've tried different settings:
setting ff's 'network.proxy.failover_timeout' to '-1' or '0'
-> no change
(if a timeout occurs privoxy shows up with one of its error pages)
leaving socks proxy line blank in ff's connection setting
-> no change
setting all proxy protocols to privoxy port
-> no change
disabling dns client service on win xp
-> no change
disabling 'forward socks4a requests' directive in privoxy configuration
-> no change

also, i've recognized that the local dns queries are occurring when there
is a direct user interaction with the browser like entering an url,
selecting a bookmark, clicking a link etc. while requests from websites
(when loading a page) seem to be resolved remotely (they do not show up
in the ethereal logs but are requested in privoxy and logged by tor).
unfortunately, i don't know if ff resolves dns by an own internal
resolver thread or by delegating to the system which makes the whole
thing worse.

so, usually i'm not easily frustrated but over here i'm really missing a
thing and i would not wonder if it's a little configuration tweak i
forgot about...

any advice is welcome...





		
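Added example, not part of the original message or of Tor's code: the two Tor notices quoted above differ in the SOCKS dialect of the request (socks4a on port 80, socks5 on port 995), and this parser shows how each request format tells the proxy whether it was handed a hostname or an already-resolved address. The function name, the sample requests, example.com and 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
import struct

def _result(dialect, target, port, remote_dns):
    return {"dialect": dialect, "target": target, "port": port, "remote_dns": remote_dns}

def classify_socks_request(data: bytes) -> dict:
    """Classify a SOCKS CONNECT request and say who resolves the name."""
    if len(data) < 8:
        raise ValueError("truncated request")
    if data[0] == 4:
        # SOCKS4/4a: VN CD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        port, = struct.unpack("!H", data[2:4])
        ip = data[4:8]
        uid_end = data.index(b"\x00", 8)  # raises ValueError if unterminated
        # SOCKS4a signals "hostname follows" with DSTIP 0.0.0.x, x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = data.index(b"\x00", uid_end + 1)
            host = data[uid_end + 1:host_end].decode("ascii")
            return _result("socks4a", host, port, True)
        return _result("socks4", str(ipaddress.IPv4Address(ip)), port, False)
    if data[0] == 5:
        # SOCKS5 request after method negotiation: VER CMD RSV ATYP ADDR PORT(2)
        atyp = data[3]
        if atyp == 0x03:                    # length-prefixed domain name
            size, start = data[4], 5
        elif atyp in (0x01, 0x04):          # literal IPv4 / IPv6 address
            size, start = (4 if atyp == 0x01 else 16), 4
        else:
            raise ValueError("unknown ATYP")
        end = start + size
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        port, = struct.unpack("!H", data[end:end + 2])
        if atyp == 0x03:
            return _result("socks5", data[start:end].decode("ascii"), port, True)
        return _result("socks5", str(ipaddress.ip_address(data[start:end])), port, False)
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests (not captured traffic), empty USERID in the SOCKS4 ones.
SOCKS4A_HOST = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01\x00" + b"example.com\x00"
SOCKS5_HOST = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 995)
SOCKS4_IP = b"\x04\x01" + struct.pack("!H", 80) + bytes([192, 0, 2, 10]) + b"\x00"
SOCKS5_IP = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)

if __name__ == "__main__":
    for req in (SOCKS4A_HOST, SOCKS5_HOST, SOCKS4_IP, SOCKS5_IP):
        print(classify_socks_request(req))
```

A `remote_dns` value of True only describes what the proxy was handed; a lookup sent in parallel through the operating system's resolver never reaches the proxy and is visible only in a packet capture on the host, which is the situation the message describes.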