[tor-talk] Tor transparent proxy -> strange behavior regarding .onion
radio_24 at chscene.ch
Thu Jan 19 19:38:03 UTC 2017
>
> radio_24 at chscene.ch:
>> Firefox message:
>> Server not found
>> Firefox can’t find the server at facebookcorewwwi.onion
>
> Can you check whether Firefox sends actual DNS requests? If it does then
> what response it gets (e.g. via tcpdump/wireshark)? What server replies
> to the requests?
>
> Also check whether DNS settings are not overridden in your OS/browser
> (e.g. by DHCP).
Thanks, Ivan, for your answer.
On my client (macOS Sierra, 192.168.42.11), Wireshark shows me the following request/response for Google Chrome (192.168.42.1 is the IP of the transparent Tor proxy):
192.168.42.11 192.168.42.1 DNS 82 Standard query 0x9692 A deepdot35wvmeyd5.onion
192.168.42.1 192.168.42.11 DNS 98 Standard query response 0x9692 A deepdot35wvmeyd5.onion A 10.234.82.239
In other words: it works as expected.
But with Firefox and Safari I don’t see anything — neither with Wireshark on the client nor with tcpdump on the proxy. Under about:networking, DNS-Lookup, Firefox's response is NS_ERROR_UNKNOWN_HOST.
It seems as if macOS Sierra decided that .onion is not a valid DNS name and didn’t make a DNS request at all (and yes, I did flush the DNS cache before).
To replicate this behavior, I took an old MacBook with OS X El Capitan with exactly the same network configuration (Router: 192.168.42.1 / DNS: 192.168.42.1 / Search Domain: local). It worked without problems (Firefox / Safari have exactly the same plugins on both computers).
More tests: It doesn’t work on iOS 10.2 either.
radio_24
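
Added example, not part of the original message: the check discussed above (was a DNS query for the .onion name sent at all, and what came back?) run over Wireshark summary lines in the layout quoted in the post. The names `classify` and `SAMPLE` are hypothetical, and the capture lines marked as constructed are made up for illustration.

```python
import re

# Wireshark summary-line layout as quoted in the post:
#   src dst DNS len Standard query [response] 0xID [No such name] A name [A addr]
LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+Standard query "
    r"(?P<resp>response )?(?P<txid>0x[0-9a-fA-F]{4})\s+"
    r"(?P<nx>No such name\s+)?A\s+(?P<name>\S+)(?:\s+A\s+(?P<addr>\S+))?\s*$"
)

def classify(capture_lines, tested_names, client, resolver):
    """Map each name typed into the browser to what the capture shows.

    'no-query-sent' means the lookup never left the client, which is
    the symptom reported for Firefox and Safari on macOS Sierra.
    """
    queries, answers = set(), {}
    for line in capture_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DNS A-record summary line
        key = (m["txid"].lower(), m["name"].lower().rstrip("."))
        if m["resp"] and (m["src"], m["dst"]) == (resolver, client):
            answers[key] = "nxdomain" if m["nx"] else m["addr"]
        elif not m["resp"] and (m["src"], m["dst"]) == (client, resolver):
            queries.add(key)
    result = {}
    for name in tested_names:
        wanted = name.lower().rstrip(".")
        keys = [k for k in queries if k[1] == wanted]
        if not keys:
            result[name] = "no-query-sent"
            continue
        # Pair query and response by transaction ID plus name.
        replies = [answers[k] for k in keys if answers.get(k)]
        if not replies:
            result[name] = "query-unanswered"
        elif replies[0] == "nxdomain":
            result[name] = "nxdomain"
        else:
            result[name] = "answered:" + replies[0]
    return result

SAMPLE = [
    # First two lines are the ones quoted in the post.
    "192.168.42.11 192.168.42.1 DNS 82 Standard query 0x9692 A deepdot35wvmeyd5.onion",
    "192.168.42.1 192.168.42.11 DNS 98 Standard query response 0x9692 A deepdot35wvmeyd5.onion A 10.234.82.239",
    # Constructed lines: one query with no reply, one NXDOMAIN reply.
    "192.168.42.11 192.168.42.1 DNS 73 Standard query 0x1a2b A example.onion",
    "192.168.42.11 192.168.42.1 DNS 73 Standard query 0x3c4d A missing.onion",
    "192.168.42.1 192.168.42.11 DNS 73 Standard query response 0x3c4d No such name A missing.onion",
]
```

A name that comes back as `no-query-sent` points at the client's resolver or browser rather than at the proxy, since nothing reached the wire.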