Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] DNS+TLS

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] DNS+TLS

Chronological Thread 
  • From: Jacob Bachmeyer <jcb62281 AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] DNS+TLS
  • Date: Wed, 08 May 2019 18:42:35 -0500

Corl3ss wrote:
Jacob Bachmeyer:
Daniel Quintiliani wrote:
Isn't that what's built into Tor Browser?
No, Tor does DNS resolution on its own, by asking the exit node to
perform name lookups.

Yes, it is true for the default configuration of the Tor browser, but
tor itself can be used many other ways (and without being a DNS proxy)

Correct, and I use it in some of these ways. That why I mentioned "easily" -- I can see a way to use OpenNIC with Tor, even *through* Tor, but this isn't something the default configurations support and requires additional software, patching Tor, or both.

This is the reason that OpenNIC cannot be (easily)
used with Tor: the exit node's DNS configuration determines what names
are resolvable and the Tor network currently is sticking to the ICANN
root simply to avoid unstable resolutions if different exit nodes use
different DNS roots.

Put another way, Tor does not use your DNS configuration at all.

The Tor browser can be used with any DNS configuration by removing
"Proxy DNS when using SOCKS V5" option in the network settings.

This works, but leaks your DNS queries rather than routing them through Tor and will probably also break access to hidden services, which must be "resolved" through Tor's DNS proxy because they aren't actually in the DNS.

-- Jacob

Archive powered by MHonArc 2.6.19.

Top of Page