Squid Proxy Causes Unavoidable DNS Leaks
Jack Cummings
jack at mudshark.org
Tue Sep 13 14:49:10 UTC 2005
On Mon, Sep 12, 2005 at 11:53:04AM -0400, u-281 at vif.com wrote:
> Squid can be compiled with the option --disable-internal-dns, and configured to
> use an external dns server (dnsserver). I think replacing the line
> gethostbyname in dnsserver.c by something like spawnv("/usr/bin/tor-resolve",
> buf, localhost:9050, NULL); could do it to use tor network for dns requests.
> Then one could grab the result from tor-resolve and send it back to dnsserver.
> I'm not that fluent in C to accomplish this, but it seems to be a viable
> solution.
I made a sh wrapper around tor-resolve that outputs something that looks like
the output of dnsserver:
--
[jack at needle:jack]$ cat /opt/pkg/squid/libexec/tor-dnsserver
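#!/bin/sh
# Read one hostname per line from Squid and resolve it through Tor.
while read -r addr
do
# Quote the name so it reaches tor-resolve as a single argument.
r=$(tor-resolve "$addr")
# The escaped \$addr prints a literal "$addr", mimicking dnsserver's reply.
echo "\$addr 0 $r"
done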
--
And in the squid.conf file:
--
...
cache_dns_program /opt/pkg/squid/libexec/tor-dnsserver
#cache_dns_program /opt/pkg/squid/libexec/dnsserver
dns_children 5
...
--
As a first pass, it works, although it does not properly handle failed DNS
requests.
Cheers,
--Jack
--
Jack (John) Cummings http://mudshark.org/
PGP fingerprint: 0774 D073 E386 B70B 6B16 2D2B 1DD8 F8B0 CCF0 FAEE
Now playing on Prime: Bombtrack -- Rage Against the Machine
Now playing on Remedial: Recovering the Satellites -- Counting Crows
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050913/cccaa847/attachment.pgp>
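The failed-lookup gap mentioned in the message, as an added example that is not part of the original post: a variant of the wrapper that answers every request with exactly one line and never passes an unchecked name to the resolver. Assumptions: dnsserver reports failures as a `$fail <message>` line, tor-resolve prints a single IPv4 address on success, and the `RESOLVER` variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed reply format (dnsserver style):
#   success: "$addr <ttl> <ip>"    failure: "$fail <message>"

# Resolver command; overridable so the logic can be exercised without Tor.
RESOLVER=${RESOLVER:-tor-resolve}

# Accept only letters, digits, dots and hyphens, with no leading hyphen
# (a leading "-" would be parsed by the resolver as an option).
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Accept only a dotted-quad answer, so an empty or garbled resolver
# output is never forwarded to Squid as an address.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print exactly one reply line for one lookup.
reply_for() {
    if ! valid_host "$1"; then
        echo "\$fail invalid hostname"
        return 0
    fi
    if ip=$("$RESOLVER" "$1" 2>/dev/null) && valid_ipv4 "$ip"; then
        echo "\$addr 0 $ip"
    else
        echo "\$fail tor-resolve could not resolve name"
    fi
}

# Helper loop: one hostname per line on stdin, one reply per line on stdout.
serve() {
    while IFS= read -r host; do
        reply_for "$host"
    done
}

# Start the loop only when installed under the helper name used in the post.
case ${0##*/} in
    tor-dnsserver) serve ;;
esac
```

Because a failed lookup produces a `$fail` line instead of an empty address, a Tor-side failure surfaces as a resolution error rather than a malformed reply.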