Open ignoramous opened 3 years ago
Yes please, but only the following types of DNS Records are supported by TorDNS currently; everything else must be forwarded to the set DNS or dropped with SERVFAIL:

- AAAA (IPv6)
- A (IPv4)
- PTR (Reverse DNS Record)

Note that you can set a DNS Proxy (from the DNS Configure page) to forward traffic to the local Orbot DNS port.
We should also proxy DoH over Orbot's SOCKS5 port (DoHoT), ref: https://github.com/alecmuffett/dohot/blob/master/INSTALL.md
> local Orbot DNS port.

127.0.0.1:5400
> Yes please, but only the following types of DNS Records are supported by TorDNS currently, everything else must be forwarded to set DNS or dropped with SERVFAIL

Is it okay to let Tor's DNS reply with servfail for records it doesn't support?
> 127.0.0.1:5400
The more I think about it, the more it makes sense for Orbot to pass its DNS endpoint to RethinkDNS via its API. The complication really is in getting a UDP request from the system and then converting it to a TCP request to be sent to Orbot's SOCKS5 endpoint. Without connection pooling, this would be a pretty inefficient way to deal with something that can otherwise be avoided. Also, it isn't clear how to read DNS responses over SOCKS5 from Orbot: does it implement the DNS over TCP protocol...? If it doesn't, then that's another added special case to be implemented in code just for Orbot. A complication avoided if Orbot would just communicate to us its local DNS endpoint.
Sent a relatively straightforward pull-request to Orbot (hopefully, got the change right): https://github.com/guardianproject/orbot/pull/705

Let's see what they've got to say about it. In the meanwhile, we can default to forwarding traffic over localhost:5400 when Orbot is active, I guess?
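The two mechanics discussed above, answering SERVFAIL for record types TorDNS does not resolve (A, AAAA and PTR are the supported ones) and reframing a UDP DNS query into the length-prefixed DNS-over-TCP form that a SOCKS5 CONNECT to Orbot's DNS port would carry, as an added Go example. This is not RethinkDNS's or Orbot's code: `route`, `servfail`, `frameForTCP`, `unframeFromTCP` and the sample query bytes are this example's own constructions, and the SOCKS5 handshake and socket handling are left out.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Record types the thread says TorDNS resolves; anything else gets SERVFAIL.
const (
	TypeA         uint16 = 1
	TypePTR       uint16 = 12
	TypeAAAA      uint16 = 28
	RcodeServfail byte   = 2 // RCODE for SERVFAIL (RFC 1035)
)

// parseQuestion decodes the header and first question of a wire-format query and
// returns the QTYPE plus the offset just past the question. Compression pointers
// are rejected: a query's own QNAME never contains one.
func parseQuestion(msg []byte) (qtype uint16, end int, err error) {
	if len(msg) < 12 || binary.BigEndian.Uint16(msg[4:6]) == 0 {
		return 0, 0, errors.New("short header or QDCOUNT is zero")
	}
	i := 12
	for i < len(msg) && msg[i] != 0 {
		if msg[i]&0xC0 != 0 {
			return 0, 0, errors.New("compression pointer in query QNAME")
		}
		i += 1 + int(msg[i]) // skip one label
	}
	if i++; i+4 > len(msg) { // past the root label, need QTYPE and QCLASS
		return 0, 0, errors.New("truncated question")
	}
	return binary.BigEndian.Uint16(msg[i : i+2]), i + 4, nil
}

// torSupports reports whether TorDNS can answer this record type.
func torSupports(qtype uint16) bool {
	return qtype == TypeA || qtype == TypeAAAA || qtype == TypePTR
}

// servfail builds a minimal reply: same ID and question, QR=1, RA=1, RCODE=SERVFAIL, no records.
func servfail(query []byte, end int) []byte {
	resp := append([]byte(nil), query[:end]...)
	resp[2] = query[2]&0x79 | 0x80    // keep OPCODE and RD, clear AA/TC, set QR
	resp[3] = 0x80 | RcodeServfail    // RA set, RCODE=2
	copy(resp[6:12], make([]byte, 6)) // zero ANCOUNT, NSCOUNT, ARCOUNT
	return resp
}

// frameForTCP adds the 2-byte big-endian length prefix of DNS over TCP (RFC 1035 section 4.2.2).
func frameForTCP(msg []byte) ([]byte, error) {
	if len(msg) > 0xFFFF {
		return nil, errors.New("message too large for TCP framing")
	}
	out := make([]byte, 2, 2+len(msg))
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	return append(out, msg...), nil
}

// unframeFromTCP takes one length-prefixed message off a TCP stream buffer;
// ok=false means the buffer does not yet hold a complete message.
func unframeFromTCP(stream []byte) (msg, rest []byte, ok bool) {
	if len(stream) < 2 {
		return nil, stream, false
	}
	if n := int(binary.BigEndian.Uint16(stream)); len(stream) >= 2+n {
		return stream[2 : 2+n], stream[2+n:], true
	}
	return nil, stream, false
}

// route applies the thread's policy to one UDP query: supported types come back
// TCP-framed for Orbot (forward=true); others get a SERVFAIL reply for the client.
func route(query []byte) (forward bool, out []byte, err error) {
	qtype, end, err := parseQuestion(query)
	if err != nil {
		return false, nil, err
	}
	if !torSupports(qtype) {
		return false, servfail(query, end), nil
	}
	framed, err := frameForTCP(query)
	return true, framed, err
}

// sampleQueryA is a constructed query (not captured traffic): ID 0x1234, RD=1, "example.com." A IN.
var sampleQueryA = []byte{
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01,
}

func main() {
	for _, qtype := range []uint16{TypeA, TypeAAAA, TypePTR, 16 /* TXT */} {
		q := append([]byte(nil), sampleQueryA...)
		q[len(q)-3] = byte(qtype) // QTYPE low byte of the single question; these types fit in one byte
		fwd, out, err := route(q)
		fmt.Printf("qtype=%d forward=%v bytes=%d err=%v\n", qtype, fwd, len(out), err)
	}
}
```

`route` is the decision a local forwarder would make per datagram; the 2-byte prefix is the only difference between the UDP and TCP wire forms, but each forwarded query still needs a TCP connection through the SOCKS5 proxy and a reassembly step (`unframeFromTCP`) on the way back, which is the per-query cost the comment above calls inefficient without connection pooling. The parser only reads the first question, which is all a stub resolver sends.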
Today, users need to manually set `DNS Proxy` in the app to forward DNS packets to Orbot's DNS endpoint. Cumbersome. Instead, Orbot can handle DNS over SOCKS5, and so, use that. Of course, let users choose if they'd want to use split DNS and not forward it to Orbot.

Ref #131