[tor-talk] glibc's DNS lookups fail
douglastskillern at lavabit.com
Wed Feb 15 21:42:39 UTC 2012
I am incredibly sorry that my posts do not reference the right
Message-IDs. This seems to be a bug in the webmail interface I am using.
>>> Chain POSTROUTING (policy ACCEPT)
>>> target      prot opt source            destination
>>> MASQUERADE  tcp  --  192.168.179.0/24  !192.168.179.0/24  masq ports: 1024-65535
>>> MASQUERADE  udp  --  192.168.179.0/24  !192.168.179.0/24  masq ports: 1024-65535
>>> MASQUERADE  all  --  192.168.179.0/24  !192.168.179.0/24
>>> [...]
>>> (The POSTROUTING stuff is due to a VM I have running.)
>>
>> I think your issues might be related to these rules, though. Could you
>> try without? Could you try to use SNAT with a specific IP address
>> instead of MASQUERADE? Could you try to filter based on output
>> interfaces instead of destination addresses?
>
> I tried without, no difference. In fact, my problem is not related to
> iptables at all. If I start tor with DNSPort set to 53, and set my
> nameserver in /etc/resolv.conf to 127.0.0.1, it does not work as well.
> (First lookup fails, consequent lookups succeed).

I think I am finally getting somewhere. Netfilter definitely does not
cause my problem. As I said in
http://archives.seul.org/or/talk/Feb-2012/msg00202.html, I wrote a simple
application that performs lookups using glibc. It turns out that all
lookups succeed if addrinfo.ai_family is AF_INET. If addrinfo.ai_family is
AF_UNSPEC (this is what gnutls-cli, openbsd netcat etc. are using), the
first lookup fails; subsequent lookups succeed.

Cheers,
Douglas
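
A small reproducer for the behaviour described in the post above, as an added example that is not the author's own test program: it calls getaddrinfo() repeatedly with ai_family set to AF_INET and then AF_UNSPEC and reports which attempt fails first. The names probe_once and first_failure and the numeric default host are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* declares getaddrinfo() under strict -std=c99/c11 */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
/* getaddrinfo() return code (0 = success) and per-family answer counts. */
struct probe_result { int rc, n_inet, n_inet6; };

/* Resolve host once with the given ai_family hint and count the answers. */
struct probe_result probe_once(const char *host, int family)
{
    struct addrinfo hints, *res = NULL, *p;
    struct probe_result r = {0, 0, 0};
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* AF_INET or AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM; /* one entry per address, not per socket type */
    r.rc = getaddrinfo(host, NULL, &hints, &res);
    if (r.rc != 0) return r;
    for (p = res; p != NULL; p = p->ai_next) {
        if (p->ai_family == AF_INET) r.n_inet++;
        else if (p->ai_family == AF_INET6) r.n_inet6++;
    }
    freeaddrinfo(res);
    return r;
}

/* Repeat the lookup and print every outcome; return the 1-based number of
 * the first failing attempt, or 0 if every attempt succeeded. */
int first_failure(const char *host, int family, int attempts)
{
    int i, first = 0;
    for (i = 1; i <= attempts; i++) {
        struct probe_result r = probe_once(host, family);
        printf("%-9s attempt %d: %s (IPv4=%d IPv6=%d)\n",
               family == AF_INET ? "AF_INET" : "AF_UNSPEC", i,
               r.rc ? gai_strerror(r.rc) : "ok", r.n_inet, r.n_inet6);
        if (r.rc != 0 && first == 0) first = i;
    }
    return first;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "127.0.0.1"; /* constructed default, no DNS query */
    int a = first_failure(host, AF_INET, 3);
    return a | first_failure(host, AF_UNSPEC, 3);
}
```

Run it with a hostname argument while /etc/resolv.conf points at Tor's DNSPort to compare the two address families side by side.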