bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Werner Koch
wk at gnupg.org
Mon Sep 5 16:32:05 BST 2016
On Mon, 5 Sep 2016 12:47, ijackson at chiark.greenend.org.uk said:
> Changes I intend to make are:
>
> * In the configuration and initialisation code, replace the Tor
> specific configuration knowledge with a resolv.conf option to use
> any SOCKS server, called something like `socks_server' or
> `adns_socks_server'. The value would be an IPv4/IPV6 literal, plus
> port number; or, alternatively, a pathname (for use with AF_UNIX,
> SOCK_STREAM).
The code I am using is
cfgstr = xtryasprintf ("nameserver %s\n"
"options adns_tormode adns_sockscred:%s",
tor_nameserver, tor_credentials);
ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/,
NULL, cfgstr);
thus it would be easy to adjust.
> (If /all/ adns clients on a host should use the Tor server via
> SOCKS, then putting the socks configuration in the host-wide
> resolv.conf would be appropriate.)
The reason I added explicit Tor options is to make it crystal-clear that
the intention is to use Tor and nothing else. There are not many ADNS
users on Debian and thus I doubt that system wide changes of resolv.conf
are very useful.
> I don't have an easy way to test this code. If I send you a reference
> to a git branch, would you be able to test it for me ?
Sure.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/adns-discuss/attachments/20160905/c796d7db/attachment.sig>
More information about the adns-discuss
mailing list