[tor-talk] Using unbound to resolve .onion domains

C. L. Martinez carlopmart at gmail.com
Mon Sep 11 09:45:49 UTC 2017


To resolve Tor's hostnames like for example ProtonMail. For example, If I do a query from FreeBSD's Tor gateway:

root at torbsdgw:/var/log/tor # !345
tor-resolve protonirockerxow.onion
fe8d:ecdb:dc62:f60:6eda:15ea:39d9:b5c2

 ... it works ... 

On Mon, Sep 11, 2017 at 12:16:23PM +0200, Tom van der Woerdt wrote:
> Looks fine, you're getting NXDOMAIN, not SERVFAIL.
> 
> What do you expect a DNS query for a .onion to return?
> 
> 
> Op 11/09/2017 om 11:23 schreef C. L. Martinez:
> > Hi all,
> > 
> >  I am trying to figure out the best way to handle DNS requests to both clearnet and Tor onionland. Currently, I am using two virtual machines (both FreeBSD 11 based): one used as my internal DNS resolver and the other is a FreeBSD's tor gateway.
> > 
> >  My unbound.conf's file in my internal DNS (unbound) is:
> > 
> > server:
> > 	do-tcp: no
> > 	do-not-query-localhost: no
> >         domain-insecure: "onion"
> >         private-domain: "onion"
> > 
> > forward-zone:
> >         name: "onion"
> >         forward-addr: 172.22.56.4 at 1053
> > 
> >  And my FreeBSD's Tor gateway (172.22.56.4) is running Tor's DNS resolver:
> > 
> > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
> > _tor     tor        89238 5  tcp4   127.0.0.1:9050        *:*
> > _tor     tor        89238 6  udp4   *:1053                *:*
> > _tor     tor        89238 7  tcp4   127.0.0.1:9040        *:*
> > root     sendmail   40917 4  tcp4   127.0.0.1:25          *:*
> > root     sshd       47802 4  tcp4   172.22.56.4:22        *:*
> > 
> >  .. but If I try to resolve any .onion domain from my Unbound's internal DNS server it doesn't works:
> > 
> > Server:         127.0.0.1
> > Address:        127.0.0.1#53
> > 
> > ** server can't find protonirockerxow.onion: NXDOMAIN
> > 
> >  Any idea?? What is it wrong with my config?
> > 
> > Thanks.
> > 

-- 
Greetings,
C. L. Martinez


More information about the tor-talk mailing list