[tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
Rob van der Hoeven
robvanderhoeven at ziggo.nl
Wed Oct 25 20:42:06 UTC 2017
Hi Folks,
I'm testing a small single-program transproxy program that I wrote (not
released yet). This program forwards DNS requests to the DNSPort of the
Tor daemon. During my tests I noticed something that worries me.
With my program I can basically redirect network traffic from any
program to the DNSPort/TransPort of the Tor daemon. For fun I tried:
dig hoevenstein.nl
To my surprise I got an answer from one of the nameservers in my own
resolv.conf. It looks like the exit node blindly uses the nameserver
from the original request. Can anyone confirm this?
I checked with wireshark, and no DNS queries are leaving my system,
also the query time indicates the request was done using the Tor
network.
Leaking a users nameserver looks dangerous to me.
Can someone shine a light on this?
Rob.
https://hoevenstein.nl
=====================================
Here are the result of my experiment:
=====================================
rob at jessie:~$ aorta -t dig hoevenstein.nl
RUNNING dig hoevenstein.nl
; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61683
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hoevenstein.nl. IN A
;; ANSWER SECTION:
hoevenstein.nl. 3600 IN A 94.211.74
.2
;; Query time: 178 msec
;; SERVER: 89.101.251.228#53(89.101.251.228)
;; WHEN: Wed Oct 25 21:39:03 CEST 2017
;; MSG SIZE rcvd: 48
AORTA CLOSED ...
rob at jessie:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search dynamic.ziggo.nl
nameserver 89.101.251.228
nameserver 89.101.251.229
Without using Tor:
==================
rob at jessie:~$ dig hoevenstein.nl
; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hoevenstein.nl. IN A
;; ANSWER SECTION:
hoevenstein.nl. 3600 IN A 94.211.74
.2
;; Query time: 16 msec
;; SERVER: 89.101.251.228#53(89.101.251.228)
;; WHEN: Wed Oct 25 21:46:28 CEST 2017
;; MSG SIZE rcvd: 59
More information about the tor-talk
mailing list