[tor-talk] Tor transparent proxy -> strange behavior regarding .onion

radio_24 at chscene.ch
Thu Jan 19 19:38:03 UTC 2017


> radio_24 at chscene.ch:
>> Firefox message:
>> Server not found
>> Firefox can’t find the server at facebookcorewwwi.onion
> 
> Can you check whether Firefox sends actual DNS requests? If it does then
> what response it gets (e.g. via tcpdump/wireshark)? What server replies
> to the requests?
> 
> Also check whether DNS settings are not overridden in your OS/browser
> (e.g. by DHCP).

Thanks, Ivan for your answer.

On my client (macOS Sierra, 192.168.42.11), Wireshark shows me the following request/response for Google Chrome (192.168.42.1 is the IP of the transparent Tor proxy):

192.168.42.11	192.168.42.1	DNS	  82	Standard query 0x9692 A deepdot35wvmeyd5.onion
192.168.42.1	192.168.42.11	DNS	  98	Standard query response 0x9692 A deepdot35wvmeyd5.onion A 10.234.82.239

In other words: it works as expected. 

But with Firefox and Safari I don’t see anything — neither with Wireshark on the client nor with tcpdump on the proxy. Under about:networking, DNS Lookup, Firefox's response is NS_ERROR_UNKNOWN_HOST.
It seems as if macOS Sierra decided that .onion is not a valid DNS name and didn’t make a DNS request at all (and yes, I did flush the DNS cache before).

To replicate this behavior, I took an old MacBook with OS X El Capitan with exactly the same network configuration (Router: 192.168.42.1 / DNS: 192.168.42.1 / Search Domain: local). It worked without problems (Firefox / Safari have exactly the same plugins on both computers).
More tests: It doesn’t work on iOS 10.2 either.

radio_24
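
Added example, not part of the original message: a small Python check that sends the .onion A query straight to the proxy's resolver over UDP, bypassing the client's OS resolver. If this returns an address while the OS resolver call fails and nothing shows up in the capture, the lookup is being dropped on the client before it reaches the network. The function names are hypothetical, the sample reply is constructed from the capture above (its TTL is made up), and the proxy is assumed to answer DNS on UDP port 53 at 192.168.42.1.

```python
import socket
import struct

def build_query(name, txid=0x9692):  # txid fixed to the one in the capture; any 16-bit value works
    """Build a DNS A/IN query with the RD flag set, in wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # two-byte pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return (txid, rcode, [IPv4 addresses]) from a DNS response."""
    txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qd):                  # skip question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return txid, flags & 0x000F, addrs

def query_direct(name, server, timeout=3.0):
    """Send the query to server:53 over UDP without involving the OS resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)

# Constructed sample reply modelled on the Chrome capture above (TTL of 60 is made up).
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x9692, 0x8180, 1, 1, 0, 0)
                + build_query("deepdot35wvmeyd5.onion")[12:] + b"\xc0\x0c"
                + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("10.234.82.239"))

if __name__ == "__main__":
    name, proxy = "facebookcorewwwi.onion", "192.168.42.1"
    try:
        print("OS resolver:", socket.gethostbyname(name))
    except OSError as e:
        print("OS resolver failed:", e)
    print("Direct to proxy:", query_direct(name, proxy))
```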