Proper TOR DNS Configuration Testing Help

Mike Cardwell tor at
Tue Jan 1 12:52:09 UTC 2008

Mark Manning wrote:
> That's awesome!  That's exactly how I was thinking but to be honest I 
> wasn't sure how to implement the background service that ties the query 
> logs to the web server. 
> If it wouldn't take too long, do you think you could talk about the 
> specifics a little bit more?

1.) You visit

2.) The cgi generates a unique code. In this case, a 32 character 
alphanumeric string. It then spits out some html containing several 
triggers to try and make the web browser do a dns lookup on 
"$" where $code is replaced by the unique 
id it just generated. The triggers are inside the <head></head> and are:

<link rel="stylesheet" type="text/css" 
href="http://$" />
<link rel="shortcut icon" type="image/x-icon" 
href="http://$" />
<script type="text/javascript" 

3.) A meta refresh then refreshes the page and adds ?code=$code to the 
uri arguments.

4.) When the page is reloaded it "asks" a separate process that I will 
describe in a moment, whether or not it knows the IP that did the lookup 
of $, and if so it displays it.

5.) There is a separate process written in perl, which uses File::Tail 
to monitor the bind query log. It's a threaded application. One thread 
tails the log looking for entries like $ 
When it comes across any, it stores the code and the ip together in a 
shared variable, for up to 10 minutes

6.) The second thread accepts incoming socket connections. Basically, 
the torcheck.cgi script makes a tcp connection to the app tailing the 
log file and writes $code to it, and the app then returns the IP address 
and closes the connection.

The gopher request works in a similar fashion. The trigger is:

<img src="gopher://$code" width="0" height="0" />

Then I have another application listening on the gopher port looking for 
requests like "/torgophertest/$code" and then linking $code with the 
client IP. Then it makes the information available to the cgi via the 
same socket method.

I hope that all makes sense.


More information about the tor-talk mailing list