Tor-DNS: Simple DNS server that uses a Tor SOCKS5 proxy to resolve names

(c) 2013-2019 Bernd Fix >Y<

(c) 2017,2020 Michał Trojnara [email protected]

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Introduction

N.B.: The functionality provided by this little application is basically identical to what you get by setting the "DNSPort [address:]port|auto [isolation flags]" parameter in your Tor configuration file. So consider this as a hands-on experiment for Tor proxy communication in Go.

In case you run a torified application (using the torsocks or tsocks helper scripts) and the application in question still uses (domain) names to address computers on the internet, the resulting DNS queries can jeopardize your anonymity if an adversary can monitor your DNS queries to the nameservers.

This little DNS server uses the built-in Tor SOCKS5 functionality to resolve names via the Tor network and therefore helps to ensure your anonymity in the above cases.

Currently the DNS server can only handle very simple queries (like resolving a name or reverse lookup of an IP address), but it can't return other records than those of type "A" (IPv4 addresses), so no "MX", "AAAA", "SOA", "NS" or "TXT" queries are answered at all. This is due to the limitations within the Tor proxy; whenever it is extended, the Tor-DNS service will make use of that new query types.

Prerequisites

This application assumes you have installed Tor on your local computer and that the local Tor relay is up and running as a SOCKS5 proxy.

A detailed help is available at http://torproject.org.

Install

This version ot Tor-DNS is designed for the Go1 release; see http://golang.org for more details.

To build an executable for your platform, change into the source directory and type the following command:

$ go build -o tor-dns

This builds the required executable.

Usage

The program can be run using the following command:

$ sudo ./tor-dns

Because the server is running on the privileged port 53 (domain) it requires root permissions to be run.

The program accepts the following command line arguments:

• -v: verbose output (default: off)
• -D: debug output (default: off)
• -p: UDP port to listen on for DNS requests (default: 53)
• -s: SOCKSv5 proxy used to resolve names (default: ":9050")

The -s option is a two part string seperated by the + character; the first part specifies the network (tcp or unix) to use for connecting to the Tor proxy, the second part specifies the address (format depending on the selected network). If the first part is missing, the network is assumed to be tcp (backwards compatibility). To access the Tor proxy via a Unix domain socket, you can for example specify:

$ sudo ./tor-dns -s "unix+/tmp/tor-proxy.sock"

Things to consider

• Make sure you have stopped any other DNS service on your local machine before starting Tor-DNS.
• Make sure that Tor-DNS is used to resolve local queries by modifying the /etc/resolv.conf file or whatever is appropriate on your platform.