transparent forced dns-'proxy' on Exit-Node - is it ok?

Peter Palfrader peter at palfrader.org
Wed Jan 10 03:12:10 UTC 2007


On Tue, 09 Jan 2007, herfel at gmx.net wrote:

> Hello,
> 
> for reasons that are not relevant to the question, my tor-node
> 'cannot' function as an exit-node. However I was thinking that it
> would be possible for me to use iptables to force-route all outgoing
> dns-requests from the tor-IP to my local dns-server

Don't.

Just do not exit to port 53, so nobody will try to tunnel their DNS
requests over Tor through you - though I doubt many, if any, do this.

For the things Tor does resolve itself (like with normal exit requests
to say slashdot.com:80) just make sure your system can do DNS resolves
with the usual gethostbyname() libc call.  Or, if you are on 0.1.2.*
that your /etc/resolv.conf has servers in it that work.

Peter
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
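
An added example, not part of the original message and not Tor's own code: a small checker that reads the ExitPolicy lines of a torrc and reports whether exits to port 53 are rejected, applying Tor's first-match-wins rule order. The sample torrc fragments are constructed, the function names are hypothetical, IPv6 (accept6/reject6) rules are ignored, and a result of 'default' assumes Tor falls back to its built-in default policy when no configured rule decides.

```python
import re

# Constructed torrc fragments for illustration (not from the original mail).
TORRC_OPEN = "ORPort 9001\nExitPolicy accept *:80, accept *:443\nExitPolicy accept *:*\n"
TORRC_CLOSED = ("ExitPolicy reject *:53  # no DNS tunnelled through this exit\n"
                "ExitPolicy accept *:80,accept *:443,reject *:*\n")

def parse_exit_policy(torrc_text):
    """Return [(action, addr, lo, hi)] in the order the rules are written."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"ExitPolicy\s+(.+)", line, re.IGNORECASE)
        if not m:
            continue                                   # not an ExitPolicy line
        for item in m.group(1).split(","):
            parts = item.split(None, 1)
            if len(parts) != 2 or parts[0].lower() not in ("accept", "reject"):
                continue  # accept6/reject6 and malformed items are ignored here
            target = parts[1].strip()
            # A rule without ":PORT" applies to all ports.
            addr, port = target.rsplit(":", 1) if ":" in target else (target, "*")
            if port == "*":
                lo, hi = 1, 65535
            elif "-" in port:
                lo, hi = (int(p) for p in port.split("-", 1))
            else:
                lo = hi = int(port)
            rules.append((parts[0].lower(), addr, lo, hi))
    return rules

def verdict_for_port(torrc_text, port=53):
    """First match wins. Returns 'reject', 'accept' or 'default'."""
    for action, addr, lo, hi in parse_exit_policy(torrc_text):
        if not lo <= port <= hi:
            continue
        if action == "accept":
            return "accept"   # conservative: some destination may be exitable
        if addr in ("*", "0.0.0.0/0"):
            return "reject"   # wildcard reject reached before any accept
        # address-specific reject: other destinations are still undecided
    return "default"          # no configured rule decided (assumed fall-through)

if __name__ == "__main__":
    for name, text in (("open", TORRC_OPEN), ("closed", TORRC_CLOSED)):
        print(name, "->", verdict_for_port(text))
```

Anything other than 'reject' means the configured policy does not by itself keep port 53 exits off the node.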


