bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor

Werner Koch wk at gnupg.org
Mon Sep 5 16:32:05 BST 2016

On Mon,  5 Sep 2016 12:47, ijackson at chiark.greenend.org.uk said:

> Changes I intend to make are:
>  * In the configuration and initialisation code, replace the Tor
>    specific configuration knowledge with a resolv.conf option to use
>    any SOCKS server, called something like `socks_server' or
>    `adns_socks_server'.  The value would be an IPv4/IPv6 literal, plus
>    port number; or, alternatively, a pathname (for use with AF_UNIX,

The code I am using is

      cfgstr = xtryasprintf ("nameserver %s\n"
                             "options adns_tormode adns_sockscred:%s",
                             tor_nameserver, tor_credentials);
      ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/,
                              NULL, cfgstr);

thus it would be easy to adjust.

>    (If /all/ adns clients on a host should use the Tor server via
>    SOCKS, then putting the socks configuration in the host-wide
>    resolv.conf would be appropriate.)

The reason I added explicit Tor options is to make it crystal-clear that
the intention is to use Tor and nothing else.  There are not many ADNS
users on Debian and thus I doubt that system-wide changes of resolv.conf
are very useful.

> I don't have an easy way to test this code.  If I send you a reference
> to a git branch, would you be able to test it for me ?




Thoughts are free.  Exceptions are regulated by a federal law.
 /* Join us at OpenPGP.conf  <https://openpgp-conf.org> */
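
Added example, not part of the original message and not adns or GnuPG code: the bytes a resolver has to put on the wire to reach a nameserver over TCP through a SOCKS5 proxy such as Tor. It assumes SOCKS5 per RFC 1928 with username/password authentication per RFC 1929 (that the sockscred option above maps to this is an assumption); the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers (not adns or GnuPG code).  Each returns the number
   of bytes written to OUT, or -1 if the input does not fit the format. */

/* RFC 1928 greeting offering only method 0x02 (username/password). */
int socks5_greeting (uint8_t *out, size_t cap)
{
  if (cap < 3) return -1;
  out[0] = 0x05; out[1] = 0x01; out[2] = 0x02;
  return 3;
}

/* RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD. */
int socks5_userpass (uint8_t *out, size_t cap,
                     const char *user, const char *pass)
{
  size_t ulen = strlen (user), plen = strlen (pass);
  if (!ulen || ulen > 255 || !plen || plen > 255 || cap < 3 + ulen + plen)
    return -1;
  out[0] = 0x01;
  out[1] = (uint8_t)ulen;
  memcpy (out + 2, user, ulen);
  out[2 + ulen] = (uint8_t)plen;
  memcpy (out + 3 + ulen, pass, plen);
  return (int)(3 + ulen + plen);
}

/* RFC 1928 CONNECT (CMD=1) to an IPv4 nameserver (ATYP=1), port big-endian. */
int socks5_connect_ipv4 (uint8_t *out, size_t cap,
                         const uint8_t ip[4], uint16_t port)
{
  if (cap < 10) return -1;
  out[0] = 0x05; out[1] = 0x01; out[2] = 0x00; out[3] = 0x01;
  memcpy (out + 4, ip, 4);
  out[8] = (uint8_t)(port >> 8); out[9] = (uint8_t)(port & 0xff);
  return 10;
}

/* RFC 1035 4.2.2: over TCP a DNS message gets a 2-byte big-endian length. */
int dns_tcp_frame (uint8_t *out, size_t cap, const uint8_t *msg, size_t len)
{
  if (len == 0 || len > 65535 || cap < len + 2) return -1;
  out[0] = (uint8_t)(len >> 8); out[1] = (uint8_t)(len & 0xff);
  memcpy (out + 2, msg, len);
  return (int)(len + 2);
}
```

Because the greeting offers no other method, a proxy that will not accept the credentials makes the connection fail rather than continue unauthenticated.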