DNS over Tor

[HulaHoopWhonix]

Hi. Anonymity distro dev here. Your package for interacting with Tor for natively unsupported DNS record types looks interesting. I was wondering how we can use it with arbitrary programs and what DNS servers do you connect to

cc/ @adrelanos

[wpaulino]

You can check out the automatically generated documentation for the tor package here, it only depends on having an active tor node. As for the DNS servers, the default is to connect to soa.nodes.lightning.directory, which is run by us, but it can be overridden with lnd's --tor.dns flag

[Roasbeef]

We only do something special for SRV records which LN uses to bootstrap new nodes to the network. For regular A records, we use the normal SOCKS proxy support for DNS.

As for the fall back, our DNS server enables regular TCP resolution as well. So for Tor, we connect over TPC, then query the DNS server directly. The downside of this approach is that nothing is cached, compared to if we did a regular DNS query over UDP and through the chain of resolvers, etc.

[adrelanos]

Wilmer Paulino:

As for the DNS servers, the default is to connect to soa.nodes.lightning.directory, which is run by us, but it can be overridden with lnd's --tor.dns flag

Is this a special purpose DNS server only usable by lightning participants for getting DNS of lighting servers? Does it only support resolving DNS for a limited amount of domain names (those related to lightning)?

Or is it a general purpose mechanism that could at least in theory be used to resolve SRV DNS requests for any domain name by anyone?

(We of course wouldn't start using your DNS server for arbitrary things without prior permission.)

How could one run its own DNS server? Is it a special or existing DNS server software?

[wpaulino]

Is this a special purpose DNS server only usable by lightning participants for getting DNS of lighting servers? Does it only support resolving DNS for a limited amount of domain names (those related to lightning)?

I believe it is only limited to LN (doesn't seem support recursive requests), though I may be mistaken cc @Roasbeef.

I assume you're interested in using the tor package to query a custom DNS server for non-LN related records. If that's the case, I'd suggest checking out LookupSRV. There you can see how this is done and what things it requires.