Proper TOR DNS Configuration Testing Help

Mark Manning mark.manning at
Wed Jan 2 02:04:20 UTC 2008

  Thanks so much.  That makes perfect sense.

On Jan 1, 2008 7:52 AM, Mike Cardwell <tor at> wrote:

> Mark Manning wrote:
> > That's awesome!  That's exactly how I was thinking but to be honest I
> > wasn't sure how to implement the background service that ties the query
> > logs to the web server.
> >
> > If it wouldn't take too long, do you think you could talk about the
> > specifics a little bit more?
> 1.) You visit
> 2.) The cgi generates a unique code. In this case, a 32 character
> alphanumeric string. It then spits out some html containing several
> triggers to try and make the web browser do a dns lookup on
> "$" where $code is replaced by the unique
> id it just generated. The triggers are inside the <head></head> and are:
> <link rel="stylesheet" type="text/css"
> href="http://$" />
> <link rel="shortcut icon" type="image/x-icon"
> href="http://$" />
> <script type="text/javascript"
> src="http://$"></script>
> 3.) A meta refresh then refreshes the page and adds ?code=$code to the
> uri arguments.
> 4.) When the page is reloaded it "asks" a separate process that I will
> describe in a moment, whether or not it knows the IP that did the lookup
> of $, and if so it displays it.
> 5.) There is a separate process written in perl, which uses File::Tail
> to monitor the bind query log. It's a threaded application. One thread
> tails the log looking for entries like $
> When it comes across any, it stores the code and the ip together in a
> shared variable, for up to 10 minutes
> 6.) The second thread accepts incoming socket connections. Basically,
> the torcheck.cgi script makes a tcp connection to the app tailing the
> log file and writes $code to it, and the app then returns the IP address
> and closes the connection.
> The gopher request works in a similar fashion. The trigger is:
> <img src="gopher://$code" width="0" height="0"
> />
> Then I have another application listening on the gopher port looking for
> requests like "/torgophertest/$code" and then linking $code with the
> client IP. Then it makes the information available to the cgi via the
> same socket method.
> I hope that all makes sense.
> Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list