JeremyRand opened this issue 1 year ago (status: Open)
Potentially useful library for a DNS server: https://github.com/hlandau/madns (it's what we use for ncdns).
Note that using madns verbatim probably won't work since it's designed for authoritative nameservers. But some code can probably be borrowed from madns without issues.
Currently held up by the fork system bug.
Fixing the bug didn't fix the issue. I still can't see the connect syscalls that contain the DNS connections.
We can support three modes for the tracer's DNS server:
A fourth mode: Connect to a public DNS server (over TCP, TLS, or HTTPS), SOCKSified. This approach is necessary for looking up unusual DNS record types such as TLSA records, since Tor doesn't support these.
Tor already has some of this functionality built in it seems.
When using the torrc options
AutomapHostsSuffixes .
AutomapHostsOnResolve 1
both socks5 RESOLVE and DNSPort return an IP immediately; the Tor process maintains a map and has the exit node resolve on connect.
This also seems like the solution that would be just the thing 99.9% of the time.
Perhaps a flag to disable this behavior and have the user figure out TCP DNS if they have some requirements is adequate?
Regarding implementation, listening on a custom port and servicing DNS is probably the simplest and adequate way to do it. However, I'm not sure what is the best way to redirect UDP traffic. Tracing sendto() may be sufficient?
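The comments above lean on Tor's SOCKS5 RESOLVE extension (command 0xF0 in Tor's socks-extensions spec) and on the fact that with AutomapHostsOnResolve the address handed back is a placeholder from Tor's virtual address range, not the real one. The following is an added example, not code from this project, that builds a RESOLVE request, parses the reply, and checks whether the returned address falls in the automap range. It assumes Tor's default VirtualAddrNetworkIPv4 of 127.192.0.0/10 and the default SOCKS port 127.0.0.1:9050; both are torrc-configurable, and the reply bytes in the test are constructed, not captured.

```python
import ipaddress
import socket
import struct

SOCKS_VERSION = 0x05
CMD_RESOLVE = 0xF0       # Tor SOCKS5 extension: forward lookup
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Tor's default VirtualAddrNetworkIPv4; assumed here, overridable in torrc.
DEFAULT_VIRTUAL_NET = ipaddress.ip_network("127.192.0.0/10")


def build_resolve_request(hostname: str) -> bytes:
    """SOCKS5 request: VER CMD RSV ATYP LEN NAME PORT, with CMD=0xF0 and port 0."""
    name = hostname.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must fit in one length byte")
    return (struct.pack("!BBBBB", SOCKS_VERSION, CMD_RESOLVE, 0x00, ATYP_DOMAIN, len(name))
            + name + b"\x00\x00")


def parse_resolve_reply(data: bytes):
    """Return (rep, address). rep 0x00 is success; on failure address is None."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if rep != 0x00:
        return rep, None
    if atyp == ATYP_IPV4:
        return rep, str(ipaddress.IPv4Address(data[4:8]))
    if atyp == ATYP_IPV6:
        return rep, str(ipaddress.IPv6Address(data[4:20]))
    if atyp == ATYP_DOMAIN:  # used for RESOLVE_PTR replies
        n = data[4]
        return rep, data[5:5 + n].decode("ascii")
    raise ValueError("unknown address type")


def is_automapped(addr: str, virtual_net=DEFAULT_VIRTUAL_NET) -> bool:
    """True if the address is a Tor automap placeholder rather than a real resolution."""
    return ipaddress.ip_address(addr) in virtual_net


def resolve_via_tor(hostname: str, proxy=("127.0.0.1", 9050), timeout=30.0):
    """Perform a Tor SOCKS5 RESOLVE and report whether the result is automapped."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")          # greeting: one method, no auth
        if s.recv(2) != b"\x05\x00":
            raise ConnectionError("proxy refused no-auth method")
        s.sendall(build_resolve_request(hostname))
        rep, addr = parse_resolve_reply(s.recv(512))
    return rep, addr, (addr is not None and is_automapped(addr))
```

For a tracer this distinction matters: an automapped address is only meaningful to the Tor process that issued it, so a subsequent connect() to it must be routed back through the same SOCKS port rather than logged as a connection to a real host.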
DNS traffic is handled specially by Tor; standard SOCKSification of TCP connections will not work well for DNS traffic. I would suggest the following:
We can support three modes for the tracer's DNS server: