[tor-bugs] #6228 [Tor Hidden Services]: NSS module for .onion DNS name resolution

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Jun 23 22:28:52 UTC 2012


#6228: NSS module for .onion DNS name resolution
-------------------------------------+--------------------------------------
 Reporter:  tux                      |          Owner:     
     Type:  enhancement              |         Status:  new
 Priority:  minor                    |      Milestone:     
Component:  Tor Hidden Services      |        Version:     
 Keywords:  nss,dns,usability,onion  |         Parent:     
   Points:                           |   Actualpoints:     
-------------------------------------+--------------------------------------
 From a usability point of view it'd be great to always have .onion
 addresses resolved via Tor - system wide, by default. It'd make .onion
 addresses a first-class citizen in the overall web browsing experience.

 The idea is to provide a libnss-tor module to by default always resolve
 .onion addresses via Tor, with no need for 'torify', proxy configurations
 within an application etc. Similar to what libnss-mdns does for .local
 addresses for instance.

 Thanks to
 [https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy this]
 I came up with the following setup to achieve the same thing:
  * torrc with 'AutomapHostsOnResolve 1', 'DNSPort 53535' and 'TransPort 9040'
  * dnsmasq with a 'server=/onion/127.0.0.1#53535'
  * iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040
  * 'nameserver 127.0.0.1' in /etc/resolv.conf

 However, having a libnss-tor for that would remove the iptables/dnsmasq
 part, which should make it way more convenient for most people. It'd also
 make the mapaddress option in the torrc obsolete, I think.

 Further things to consider:
  * Security implications?
  * Does something like libnss exist for other operating systems, too?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6228>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
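
A consistency check for the four-part setup listed in the ticket, as an added example that is not part of the original ticket or of Tor. The sample file contents are constructed from the values quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample files mirroring the four steps in the ticket.
TORRC = "AutomapHostsOnResolve 1\nDNSPort 53535\nTransPort 9040\n"
DNSMASQ = "server=/onion/127.0.0.1#53535\n"
IPTABLES = "-A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040\n"
RESOLV = "nameserver 127.0.0.1\n"

def torrc_options(text):
    """Return {option: value} for a torrc, ignoring comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts[key.lower()] = value.strip()
    return opts

def audit(torrc, dnsmasq, iptables, resolv):
    """Return a list of inconsistencies between the four pieces."""
    problems = []
    opts = torrc_options(torrc)
    if opts.get("automaphostsonresolve") != "1":
        problems.append("AutomapHostsOnResolve is not enabled")
    # dnsmasq must forward .onion queries to the port Tor listens on.
    fwd = re.search(r"^server=/onion/(\S+?)#(\d+)\s*$", dnsmasq, re.M)
    if not fwd:
        problems.append("dnsmasq has no server=/onion/ forward")
    elif (fwd.group(1), fwd.group(2)) != ("127.0.0.1", opts.get("dnsport")):
        problems.append("dnsmasq forward does not point at Tor's DNSPort")
    # The NAT rule must send the mapped range to Tor's TransPort.
    rule = re.search(r"-d (\S+) -j REDIRECT --to-ports (\d+)", iptables)
    if not rule:
        problems.append("no REDIRECT rule for the mapped address range")
    else:
        net = ipaddress.ip_network(rule.group(1))
        if not net.subnet_of(ipaddress.ip_network("127.0.0.0/8")):
            problems.append("redirected range is not inside 127.0.0.0/8")
        if rule.group(2) != opts.get("transport"):
            problems.append("REDIRECT port does not match TransPort")
    # Every lookup has to go through the local dnsmasq instance.
    servers = re.findall(r"^nameserver\s+(\S+)", resolv, re.M)
    if servers != ["127.0.0.1"]:
        problems.append("resolv.conf does not list only 127.0.0.1")
    return problems

if __name__ == "__main__":
    print(audit(TORRC, DNSMASQ, IPTABLES, RESOLV) or "consistent")
```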

