[tor-commits] [orbot/master] DNS lookup through pdnsd should loop back into Tor DNS port

n8fr8 at torproject.org n8fr8 at torproject.org
Wed Mar 9 19:51:59 UTC 2016


commit 4892f9353136baf0b00974fdb02176ca784498ff
Author: Nathan Freitas <nathan at freitas.net>
Date:   Mon Mar 7 13:52:52 2016 -0500

    DNS lookup through pdnsd should loop back into Tor DNS port
    While the previous TCP query to Google DNS provided more robust DNS service,
    it could still leak outside the VPN service depending on platform version
    and other circumstances. By using PDNSD as a proxy back into Tor's limited DNS
    service, we ensure DNS does not leak.
---
 res/values/pdnsd.xml                                | 3 ++-
 src/org/torproject/android/service/TorService.java  | 5 ++++-
 src/org/torproject/android/vpn/OrbotVpnService.java | 6 ++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/res/values/pdnsd.xml b/res/values/pdnsd.xml
index cb4e802..42834d2 100644
--- a/res/values/pdnsd.xml
+++ b/res/values/pdnsd.xml
@@ -6,12 +6,13 @@ global {
 	cache_dir="/data/data/org.torproject.android/app_bin";
 	server_port = 8091;
 	server_ip = 0.0.0.0;
-	query_method=tcp_only;
+	query_method=udp_only;
 	min_ttl=15m;
 	max_ttl=1w;
 	timeout=10;
 	daemon=on;
 	pid_file="/data/data/org.torproject.android/app_bin/pdnsd.pid";
+	
 }
 
 server {
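Review bot: The switch to `query_method=udp_only` carries no explanation in the config, so a later edit could put `tcp_only` back without realising the upstream is now Tor's DNSPort, which answers UDP queries. A short comment next to the setting, for example `upstream is Tor's DNSPort (UDP); do not switch back to TCP or to an external resolver`, would record the anti-leak intent stated in the commit message. The hunk also adds a line holding only a tab before the closing brace of `global`, which can be dropped.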
diff --git a/src/org/torproject/android/service/TorService.java b/src/org/torproject/android/service/TorService.java
index 627f2e9..0a66fd4 100644
--- a/src/org/torproject/android/service/TorService.java
+++ b/src/org/torproject/android/service/TorService.java
@@ -649,7 +649,10 @@ public class TorService extends Service implements TorServiceConstants, OrbotCon
             
         extraLines.append("TransPort ").append(transPort).append('\n');
     	extraLines.append("DNSPort ").append(dnsPort).append("\n");
-	        
+    	
+    	if (Prefs.useVpn())
+    		extraLines.append("DNSListenAddress 0.0.0.0").append('\n');
+    	
         if (Prefs.transparentTethering())
         {
             extraLines.append("TransListenAddress 0.0.0.0").append('\n');
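Review bot: The added `DNSListenAddress 0.0.0.0` line binds Tor's DNS port on every interface whenever VPN mode is on, which makes the resolver reachable from other hosts on the same network rather than only from this device. In this same commit pdnsd is pointed at `127.0.0.1` (`DEFAULT_ACTUAL_DNS_HOST`), so a loopback bind looks sufficient: `extraLines.append("DNSListenAddress 127.0.0.1").append('\n');`, or drop the line if the default bind is already loopback. If the wildcard bind is really needed for the VPN path, a comment saying why would help. The new `if` is also unbraced while the `transparentTethering()` branch right below uses braces. The enclosing method starts and ends outside the hunk.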
diff --git a/src/org/torproject/android/vpn/OrbotVpnService.java b/src/org/torproject/android/vpn/OrbotVpnService.java
index c9247c2..c5f6b82 100644
--- a/src/org/torproject/android/vpn/OrbotVpnService.java
+++ b/src/org/torproject/android/vpn/OrbotVpnService.java
@@ -78,7 +78,9 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
     private final static boolean mIsLollipop = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP;
     
     //this is the actual DNS server we talk with over TCP/IP
-    private final static String DEFAULT_ACTUAL_DNS = "8.8.8.8";//use Google here, or 8.8.4.4 as backup?
+    private final static String DEFAULT_ACTUAL_DNS_HOST = "127.0.0.1";//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?
+    private final static int DEFAULT_ACTUAL_DNS_PORT = TorServiceConstants.TOR_DNS_PORT_DEFAULT;
+    
     private boolean isRestart = false;
     
 
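Review bot: The comment above the constant still says `this is the actual DNS server we talk with over TCP/IP`, but the value is now the loopback address of Tor's DNS port and pdnsd was switched to `udp_only` in this commit. Suggest `//upstream resolver for pdnsd: Tor's local DNSPort (UDP), so lookups stay inside Tor`, and dropping the trailing `//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?` so that nobody re-enables a direct resolver by uncommenting it. The same staleness applies to `//start PDNSD daemon pointing to OpenDNS` in the next hunk of this file, which could read `//start PDNSD daemon pointing at Tor's local DNSPort`.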
@@ -288,7 +290,7 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
 	    			}
 	    			
 	    			//start PDNSD daemon pointing to OpenDNS
-	    			startDNS(DEFAULT_ACTUAL_DNS,53);
+	    			startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT);
 	    			
 		    		final String vpnName = "OrbotVPN";
 		    		final String localhost = "127.0.0.1";
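Review bot: `startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT)` always targets `TorServiceConstants.TOR_DNS_PORT_DEFAULT`, while the TorService hunk of this commit writes `DNSPort` from a `dnsPort` variable. If that variable can differ from the default (its source is not visible here), pdnsd would forward to a port Tor is not listening on and DNS resolution under the VPN would fail. Passing the port Tor was actually configured with would keep the two in step. The enclosing method starts and ends outside the hunk.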




