[tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?

Geoff Down geoffdown at fastmail.net
Wed Oct 25 21:32:35 UTC 2017



On Wed, Oct 25, 2017, at 10:01 PM, Rob van der Hoeven wrote:
> On Wed, 2017-10-25 at 16:50 -0400, Allen wrote:
> > and what happens if you use dig alone to talk directly to tor?
> > something like "dig -p torport hostname +tcp" (see man dig)
> > 
> 
> A good idea, but the Tor daemon expects that all traffic arriving on
> torport has been redirected by iptables. It asks IP tables for the
> original destination, which is not there when you use dig directly with
> torport.
> 
> Rob,

Haven't you answered your own question right there? Dig picks a
nameserver from your /etc/resolv.conf, tries to connect to it, your
kernel magic redirects the request via Tor, so the exit node connects to
the nameserver from /etc/resolv.conf
?
GD


More information about the tor-talk mailing list