[tor-talk] Using unbound to resolve .onion domains

C. L. Martinez carlopmart at gmail.com
Mon Sep 11 10:24:34 UTC 2017


Nope ...

root@fbsddns:~# dig @172.22.56.4#1053 protonirockerxow.onion
dig: couldn't get address for '172.22.56.4#1053': not found


On Mon, Sep 11, 2017 at 11:40:40AM +0100, Ben Tasker wrote:
> Your config looks more or less exactly the same as mine (I allow tcp but
> that's the only difference I can see).
> 
> If you do a dig from the unbound server to the BSD gateway do you get a
> result?
> 
> dig @172.22.56.4#1053 protonirockerxow.onion
> 
> On Mon, Sep 11, 2017 at 10:45 AM, C. L. Martinez <carlopmart at gmail.com>
> wrote:
> 
> > To resolve Tor hostnames, like ProtonMail's for example. For example, if I
> > do a query from the FreeBSD Tor gateway:
> >
> > root@torbsdgw:/var/log/tor # !345
> > tor-resolve protonirockerxow.onion
> > fe8d:ecdb:dc62:f60:6eda:15ea:39d9:b5c2
> >
> >  ... it works ...
> >
> > On Mon, Sep 11, 2017 at 12:16:23PM +0200, Tom van der Woerdt wrote:
> > > Looks fine, you're getting NXDOMAIN, not SERVFAIL.
> > >
> > > What do you expect a DNS query for a .onion to return?
> > >
> > >
> > > On 11/09/2017 at 11:23, C. L. Martinez wrote:
> > > > Hi all,
> > > >
> > > >  I am trying to figure out the best way to handle DNS requests to
> > > > both clearnet and Tor onionland. Currently, I am using two virtual
> > > > machines (both FreeBSD 11 based): one used as my internal DNS
> > > > resolver and the other is a FreeBSD Tor gateway.
> > > >
> > > >  The unbound.conf file on my internal DNS (unbound) is:
> > > >
> > > > server:
> > > >     do-tcp: no
> > > >     do-not-query-localhost: no
> > > >     domain-insecure: "onion"
> > > >     private-domain: "onion"
> > > >
> > > > forward-zone:
> > > >     name: "onion"
> > > >     forward-addr: 172.22.56.4@1053
> > > >
> > > >  And my FreeBSD Tor gateway (172.22.56.4) is running Tor's DNS
> > > > resolver:
> > > >
> > > > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> > > > _tor     tor        89238 5  tcp4   127.0.0.1:9050        *:*
> > > > _tor     tor        89238 6  udp4   *:1053                *:*
> > > > _tor     tor        89238 7  tcp4   127.0.0.1:9040        *:*
> > > > root     sendmail   40917 4  tcp4   127.0.0.1:25          *:*
> > > > root     sshd       47802 4  tcp4   172.22.56.4:22        *:*
> > > >
> > > >  .. but if I try to resolve any .onion domain from my internal
> > > > Unbound DNS server it doesn't work:
> > > >
> > > > Server:         127.0.0.1
> > > > Address:        127.0.0.1#53
> > > >
> > > > ** server can't find protonirockerxow.onion: NXDOMAIN
> > > >
> > > >  Any idea? What is wrong with my config?
> > > >
> > > > Thanks.
> > > >
> >
> > --
> > Greetings,
> > C. L. Martinez
> > --
> > tor-talk mailing list - tor-talk at lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> 
> 
> 
> -- 
> Ben Tasker
> https://www.bentasker.co.uk

-- 
Greetings,
C. L. Martinez

