Discuss mailing list

[Jacob Bachmeyer <jcb62281 AT gmail.com>]

Corl3ss wrote:
> Jacob Bachmeyer:
>   
> > Daniel Quintiliani wrote:
> >     
> > > Isn't that what's built into Tor Browser?
> > >   
> > >       
> > No, Tor does DNS resolution on its own, by asking the exit node to
> > perform name lookups.
> >     
>
> Yes, it is true for the default configuration of the Tor browser, but
> tor itself can be used many other ways (and without being a DNS proxy)
>   

Correct, and I use it in some of these ways. That why I mentioned 
"easily" -- I can see a way to use OpenNIC with Tor, even *through* Tor, 
but this isn't something the default configurations support and requires 
additional software, patching Tor, or both.

> > This is the reason that OpenNIC cannot be (easily)
> > used with Tor: the exit node's DNS configuration determines what names
> > are resolvable and the Tor network currently is sticking to the ICANN
> > root simply to avoid unstable resolutions if different exit nodes use
> > different DNS roots.
> >
> > Put another way, Tor does not use your DNS configuration at all.
> >     
>
> The Tor browser can be used with any DNS configuration by removing
> "Proxy DNS when using SOCKS V5" option in the network settings.
>   

This works, but leaks your DNS queries rather than routing them through 
Tor and will probably also break access to hidden services, which must 
be "resolved" through Tor's DNS proxy because they aren't actually in 
the DNS.

-- Jacob