[tor-talk] Duplicating Tor's DNS requests

grarpamp grarpamp at gmail.com
Sat Mar 26 17:54:23 UTC 2016


On 3/26/16, parazyd <parazyd at dyne.org> wrote:
> I'm wondering about duplicating Tor's DNS requests (like, when browsing
> a clearnet website) to another place on my machine.
>
> Basically, I'm running dnscap and with iptables or something similar, I
> would like to copy the DNS requests so dnscap can see them, but the
> important part is that the copied requests do not get through.

dnscap / iptables expects dns protocol, not parsing hostname
resolves out of socks5 protocol on localhost bpf. You need
other tool for that.
Your browser pushes hostnames through tor's socks5 interface,
so tor would need feature to block them internally instead of
sending them out over tor, then you couldn't browse anything.
If you don't want anything leaving but tor, block all and only
leave path to tor's socks5 port on another box / vm... aka: whonix.

You probably want to read / comment / contribute to
DNS portion of this ticket...

# Combine setevents circ and stream
https://trac.torproject.org/projects/tor/ticket/11179


More information about the tor-talk mailing list