Interesting...<br>I just did a test. As root I watched udp traffic using "tcpdump -i eth0 -net -s 65535 udp and host 192.168.XX.XX" <br>and didn't see any DNS request when I used "proxychains firefox <a href="http://check.torproject.org">http://check.torproject.org</a>"<br>
<br>I did see this in the terminal that I launched proxychains from.<br>"<br>build@Janus-Dev-VM:~$ proxychains firefox <a href="http://check.torproject.org">http://check.torproject.org</a><br>ProxyChains-3.1 (<a href="http://proxychains.sf.net">http://proxychains.sf.net</a>)<br>
|DNS-request| <a href="http://check.torproject.org">check.torproject.org</a> <br>|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK<br>|DNS-response| <a href="http://check.torproject.org">check.torproject.org</a> is 209.237.247.84<br>
|S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK<br>"<br><br>Also worth mentioning, at the end of the default proxychains.conf file is:<br>"<br># defaults set to "tor"<br>
socks5 127.0.0.1 9050<br>"<br><br>Perhaps the author did have Tor in mind? <br>When I ran firefox without proxychains, I then say DNS request with tcpdump, as expected.<br><br>Hrm....I think it's working. If I'm wrong, could someone point out the flaw in my testing method?<br>
<br>Thanks!<br><br>- Kyle<br><br><br><div class="gmail_quote">On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <span dir="ltr"><<a href="mailto:arma@mit.edu">arma@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote:<br>
> Are you saying that the "proxy_dns" option in the proxychains.conf is in<br>
> fact leaking DNS request?from the proxychains.conf file:<br>
> "<br>
> # Proxy DNS requests - no leak for DNS data<br>
> proxy_dns<br>
> "<br>
><br>
> I thought it would resolve against the specified SOCKS 4/5 proxy. Is this<br>
> not happening?<br>
<br>
</div>Socks doesn't have a notion of resolving. It only has a notion of<br>
connecting (well, and binding, but we don't use that).<br>
<br>
We hacked on our own notion of a 'resolve' socks request:<br>
<a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt" target="_blank">https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt</a><br>
and I'd be surprised if any other projects use our extension.<br>
<font color="#888888"><br>
--Roger<br>
<br>
</font></blockquote></div><br>