[tor-talk] glibc's DNS lookups fail

douglastskillern at lavabit.com douglastskillern at lavabit.com
Wed Feb 15 21:42:39 UTC 2012


I am incredibly sorry that my posts do not reference the right
Message-IDs.  This seems to be a bug in the webmail interface I am using.

>>> Chain POSTROUTING (policy ACCEPT)
>>> target     prot opt source               destination
>>> MASQUERADE  tcp  --  192.168.179.0/24    !192.168.179.0/24    masq ports: 1024-65535
>>> MASQUERADE  udp  --  192.168.179.0/24    !192.168.179.0/24    masq ports: 1024-65535
>>> MASQUERADE  all  --  192.168.179.0/24    !192.168.179.0/24
>>> [...]
>>> (The POSTROUTING stuff is due to a VM I have running.)
>>
>> I think your issues might be related to these rules, though. Could you
>> try without? Could you try to use SNAT with a specific IP address
>> instead of MASQUERADE? Could you try to filter based on output
>> interfaces instead of destination addresses?
>
> I tried without, no difference.  In fact, my problem is not related to
> iptables at all.  If I start tor with DNSPort set to 53, and set my
> nameserver in /etc/resolv.conf to 127.0.0.1, it does not work as well.
> (First lookup fails, consequent lookups succeed).

I think I am finally getting somewhere.  Netfilter definitely does not
cause my problem.  As I said in
http://archives.seul.org/or/talk/Feb-2012/msg00202.html, I wrote a simple
application that performs lookups using glibc. It turns out that all
lookups succeed if addrinfo.ai_family is AF_INET. If addrinfo.ai_family is
AF_UNSPEC (this is what gnutls-cli, openbsd netcat etc. are using), the
first lookup fails, subsequent lookups succeed.

Cheers,

Douglas
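
Added example, not part of the original post and not the test program the poster mentions: a small C harness that repeats a getaddrinfo() lookup with ai_family set to AF_INET (IPv4 results only) and to AF_UNSPEC (IPv4 and IPv6 results) and records which attempts fail. The names lookup_once and failure_mask are hypothetical, and the default host is a numeric literal so the program runs without a resolver.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* exposes getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* One lookup with the given ai_family. Returns the getaddrinfo() code
 * (0 on success) and stores the number of addresses found in *count. */
int lookup_once(const char *host, int family, int *count)
{
    struct addrinfo hints, *res = NULL, *p;
    int rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* AF_INET or AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM; /* one entry per address */
    *count = 0;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;
    for (p = res; p != NULL; p = p->ai_next)
        (*count)++;
    freeaddrinfo(res);
    return 0;
}

/* Runs `attempts` lookups (fewer than 32) and returns a bitmask with bit i
 * set when attempt i+1 failed; "only the first lookup fails" is mask 0x1. */
unsigned failure_mask(const char *host, int family, int attempts)
{
    unsigned mask = 0;
    int i, n, rc;

    for (i = 0; i < attempts; i++) {
        rc = lookup_once(host, family, &n);
        printf("%-9s attempt %d: %s (%d addresses)\n",
               family == AF_INET ? "AF_INET" : "AF_UNSPEC", i + 1,
               rc ? gai_strerror(rc) : "ok", n);
        if (rc != 0)
            mask |= 1u << i;
    }
    return mask;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "127.0.0.1"; /* literal: runs offline */
    return (failure_mask(host, AF_INET, 3) | failure_mask(host, AF_UNSPEC, 3)) != 0;
}
```

Run it with a real host name as the first argument while /etc/resolv.conf points at the resolver under test; the two families can then be compared attempt by attempt.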



