[tor-talk] Using unbound to resolve .onion domains
C. L. Martinez
carlopmart at gmail.com
Mon Sep 11 09:45:49 UTC 2017
To resolve Tor's hostnames like, for example, ProtonMail. For example, if I do a query from FreeBSD's Tor gateway:
root@torbsdgw:/var/log/tor # !345
tor-resolve protonirockerxow.onion
fe8d:ecdb:dc62:f60:6eda:15ea:39d9:b5c2
... it works ...
On Mon, Sep 11, 2017 at 12:16:23PM +0200, Tom van der Woerdt wrote:
> Looks fine, you're getting NXDOMAIN, not SERVFAIL.
>
> What do you expect a DNS query for a .onion to return?
>
>
> Op 11/09/2017 om 11:23 schreef C. L. Martinez:
> > Hi all,
> >
> > I am trying to figure out the best way to handle DNS requests to both clearnet and Tor onionland. Currently, I am using two virtual machines (both FreeBSD 11 based): one is used as my internal DNS resolver and the other is a FreeBSD Tor gateway.
> >
> > My unbound.conf file on my internal DNS (unbound) is:
> >
> > server:
> >     do-tcp: no
> >     do-not-query-localhost: no
> >     domain-insecure: "onion"
> >     private-domain: "onion"
> >
> > forward-zone:
> >     name: "onion"
> >     forward-addr: 172.22.56.4@1053
> >
> > And my FreeBSD Tor gateway (172.22.56.4) is running Tor's DNS resolver:
> >
> > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> > _tor     tor        89238 5  tcp4   127.0.0.1:9050        *:*
> > _tor     tor        89238 6  udp4   *:1053                *:*
> > _tor     tor        89238 7  tcp4   127.0.0.1:9040        *:*
> > root     sendmail   40917 4  tcp4   127.0.0.1:25          *:*
> > root     sshd       47802 4  tcp4   172.22.56.4:22        *:*
> >
> > ... but if I try to resolve any .onion domain from my Unbound internal DNS server, it doesn't work:
> >
> > Server: 127.0.0.1
> > Address: 127.0.0.1#53
> >
> > ** server can't find protonirockerxow.onion: NXDOMAIN
> >
> > Any idea? What is wrong with my config?
> >
> > Thanks.
> >
--
Greetings,
C. L. Martinez
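
An added example, not part of the original thread: a small Python check that parses the unbound.conf posted above and reports two things that affect its onion forward-zone. It assumes an Unbound release that ships the built-in `onion.` default local-zone (answering NXDOMAIN locally, per RFC 7686), which a forward-zone alone does not replace; the function names and finding labels are made up for this example.

```python
import ipaddress
import shlex

# The unbound.conf posted in the thread above, embedded as sample input.
POSTED_CONF = """\
server:
    do-tcp: no
    do-not-query-localhost: no
    domain-insecure: "onion"
    private-domain: "onion"
forward-zone:
    name: "onion"
    forward-addr: 172.22.56.4@1053
"""
# Assumption: explicit local-zone types that replace the built-in onion. zone.
PASS_THROUGH = {"nodefault", "transparent"}

def parse(conf):
    """Return [(clause, [(key, [tokens]), ...]), ...] from unbound.conf text."""
    clauses = []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        if not key:
            continue
        if not value.strip():
            clauses.append((key, []))        # clause header, e.g. "server:"
        elif clauses:
            clauses[-1][1].append((key, shlex.split(value)))
    return clauses

def zone(name):
    return name.lower().rstrip(".")

def onion_findings(conf):
    """Findings for every forward-zone named onion in the given config text."""
    clauses = parse(conf)
    overrides = {zone(v[0]): v[1] for name, opts in clauses if name == "server"
                 for k, v in opts if k == "local-zone" and len(v) == 2}
    findings = []
    for name, opts in clauses:
        if name != "forward-zone" or not any(k == "name" and zone(v[0]) == "onion" for k, v in opts):
            continue
        if overrides.get("onion") not in PASS_THROUGH:
            findings.append("default-local-zone")   # built-in zone answers before the forwarder
        for k, v in opts:
            if k == "forward-addr" and not ipaddress.ip_address(v[0].split("@")[0]).is_loopback:
                findings.append("cleartext-hop:" + v[0].split("@")[0])  # name crosses the LAN as plain DNS
    return findings
```

On the posted config, `onion_findings(POSTED_CONF)` reports both findings; adding `local-zone: "onion." nodefault` to the `server:` clause clears the first one.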