[Feature] Tor DNS (simplified) #469

@previns79

Description

Currently DNS works out-of-the-box if you force the issue with DNS over TCP port 53 (resolv.conf: options use-vc).
However this is not the correct way to approach DNS with Tor - this could also lead to privacy violations as DNS is not sent over the same circuit as the eventual access to the destination.
There is remote DNS development work with #374.
This is also overkill with Tor.

Tor has internal DNS mappings with

```
AutomapHostsSuffixes .
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10
```

Tor also implements a special RESOLVE command in their SOCKS5 spec ( https://spec.torproject.org/socks-extensions.html#name-lookup ):

> As an extension to SOCKS4A and SOCKS5, Tor implements a new command value, “RESOLVE” ([F0]). When Tor receives a RESOLVE SOCKS command, it initiates a remote lookup of the hostname provided as the target address in the SOCKS request. The reply is either an error (if the address couldn’t be resolved) or a success response. In the case of success, the address is stored in the portion of the SOCKS response reserved for remote IP address.
>
> (We support RESOLVE in SOCKS4 too, even though it is unnecessary.)
>
> For SOCKS5 only, we support reverse resolution with a new command value, RESOLVE_PTR ([F1]). In response to a RESOLVE_PTR SOCKS5 command with an IPv4 address as its target, Tor attempts to find the canonical hostname for that IPv4 record, and returns it in the “server bound address” portion of the reply. (This command was not supported before Tor 0.1.2.2-alpha.)

This would greatly simplify the solution to DNS resolution with Tor.

This feature request is for a special tor-automap-dns flag for tun2socks which would intercept port 53 DNS requests (or listen on UDP 127.0.0.1:53 - complicated because root may be required...) and handle them with tor's socks5 RESOLVE. No need for any internal mappings.
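A sketch of the client side of the RESOLVE exchange quoted above, as an added example that is not part of the original issue or of tun2socks' code. The function name `TorResolve` is hypothetical, and the reply bytes and the address 192.0.2.7 in `main` are constructed stand-ins for Tor's SocksPort so the example runs offline.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net"
)

// TorResolve does a no-auth SOCKS5 handshake on rw, sends Tor's RESOLVE (0xF0)
// for host, and returns the address carried in the reply's address field.
func TorResolve(rw io.ReadWriter, host string) (net.IP, error) {
	if len(host) == 0 || len(host) > 255 {
		return nil, fmt.Errorf("hostname must be 1..255 bytes, got %d", len(host))
	}
	// Request: VER, CMD=RESOLVE, RSV, ATYP=3 (domain), length, name, port 0.
	req := append(append([]byte{5, 0xF0, 0, 3, byte(len(host))}, host...), 0, 0)
	sel, hdr := [2]byte{}, [4]byte{} // method reply; VER, REP, RSV, ATYP
	if _, err := rw.Write([]byte{5, 1, 0}); err != nil { // offer no-auth only
		return nil, err
	}
	if _, err := io.ReadFull(rw, sel[:]); err != nil || sel[0] != 5 || sel[1] != 0 {
		return nil, fmt.Errorf("SOCKS5 no-auth negotiation failed (read error: %v)", err)
	}
	if _, err := rw.Write(req); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rw, hdr[:]); err != nil || hdr[1] != 0 {
		return nil, fmt.Errorf("RESOLVE failed: reply code %d (read error: %v)", hdr[1], err)
	}
	n := map[byte]int{1: net.IPv4len, 4: net.IPv6len}[hdr[3]]
	if n == 0 {
		return nil, fmt.Errorf("unexpected address type %d in reply", hdr[3])
	}
	addr := make([]byte, n+2) // address, then the 2-byte port
	if _, err := io.ReadFull(rw, addr); err != nil {
		return nil, err
	}
	return net.IP(addr[:n]), nil
}

func main() { // constructed replies: method selection, then a success reply
	replies := []byte{5, 0, 5, 0, 0, 1, 192, 0, 2, 7, 0, 0}
	rw := struct {
		io.Reader
		io.Writer
	}{bytes.NewReader(replies), io.Discard}
	fmt.Println(TorResolve(rw, "example.com"))
}
```

Against a real Tor instance, `rw` would be a TCP connection to the configured SocksPort, so the lookup leaves through Tor rather than through the local resolver.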
