namecoin / sockstrace

Go port of Heteronculous (ptrace-based proxy leak detector). Outreachy project.
https://www.namecoin.org/
GNU General Public License v3.0
7 stars 3 forks source link

SOCKSification of DNS #49

Open JeremyRand opened 1 year ago

JeremyRand commented 1 year ago

DNS traffic is handled specially by Tor; standard SOCKSification of TCP connections will not work well for DNS traffic. I would suggest the following:

We can support three modes for the tracer's DNS server:

JeremyRand commented 1 year ago

Potentially useful library for a DNS server: https://github.com/hlandau/madns (it's what we use for ncdns).

JeremyRand commented 1 year ago

Note that using madns verbatim probably won't work since it's designed for authoritative nameservers. But some code can probably be borrowed from madns without issues.

robertmin1 commented 1 year ago

Currently held by the fork system bug

robertmin1 commented 1 year ago

Fixing the bug didn't fix the issue. I still can't see the connect syscalls that contain the DNS connections

JeremyRand commented 1 week ago

We can support three modes for the tracer's DNS server:

A fourth mode: Connect to a public DNS server (over TCP, TLS, or HTTPS), SOCKSified. This approach is necessary for looking up unusual DNS record types such as TLSA records, since Tor doesn't support these.

handpickencounter commented 1 week ago

Tor already has some of this functionality built in it seems.

When using

AutomapHostsSuffixes .
AutomapHostsOnResolve 1

Both socks5 RESOLVE and DNSPort return an IP immediately, the Tor process maintains a map and has the exit node resolve on connect.

This also seems like the solution that would be just the thing 99.9% of the time.

Perhaps a flag to disable this behavior and have the user figure out TCP DNS if they have some requirements is adequate?

Regarding implementation, listening on a custom port and servicing DNS is probably the simplest and adequate way to do it. However, I'm not sure what is the best way to redirect UDP traffic. Tracing sendto() may be sufficient?