[tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?

Allen allenpmd at gmail.com
Wed Oct 25 20:50:51 UTC 2017


and what happens if you use dig alone to talk directly to tor?
something like "dig -p torport hostname +tcp" (see man dig)

On Wed, Oct 25, 2017 at 4:42 PM, Rob van der Hoeven
<robvanderhoeven at ziggo.nl> wrote:
> Hi Folks,
>
> I'm testing a small single-program transproxy program that I wrote (not
> released yet). This program forwards DNS requests to the DNSPort of the
> Tor daemon. During my tests I noticed something that worries me.
>
> With my program I can basically redirect network traffic from any
> program to the DNSPort/TransPort of the Tor daemon. For fun I tried:
>
> dig hoevenstein.nl
>
> To my surprise I got an answer from one of the nameservers in my own
> resolv.conf. It looks like the exit node blindly uses the nameserver
> from the original request. Can anyone confirm this?
>
> I checked with wireshark, and no DNS queries are leaving my system,
> also the query time indicates the request was done using the Tor
> network.
>
> Leaking a users nameserver looks dangerous to me.
> Can someone shine a light on this?
>
> Rob.
> https://hoevenstein.nl
>
> =====================================
> Here are the result of my experiment:
> =====================================
>
> rob at jessie:~$ aorta -t dig hoevenstein.nl
>
> RUNNING dig hoevenstein.nl
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61683
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;hoevenstein.nl.                        IN      A
>
> ;; ANSWER SECTION:
> hoevenstein.nl.         3600    IN      A       94.211.74
> .2
>
> ;; Query time: 178 msec
> ;; SERVER: 89.101.251.228#53(89.101.251.228)
> ;; WHEN: Wed Oct 25 21:39:03 CEST 2017
> ;; MSG SIZE  rcvd: 48
>
> AORTA CLOSED ...
>
> rob at jessie:~$ cat /etc/resolv.conf
> # Generated by NetworkManager
> search dynamic.ziggo.nl
> nameserver 89.101.251.228
> nameserver 89.101.251.229
>
> Without using Tor:
> ==================
>
> rob at jessie:~$ dig hoevenstein.nl
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17152
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;hoevenstein.nl.                        IN      A
>
> ;; ANSWER SECTION:
> hoevenstein.nl.         3600    IN      A       94.211.74
> .2
>
> ;; Query time: 16 msec
> ;; SERVER: 89.101.251.228#53(89.101.251.228)
> ;; WHEN: Wed Oct 25 21:46:28 CEST 2017
> ;; MSG SIZE  rcvd: 59
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


More information about the tor-talk mailing list