adns and TOR

[Werner Koch]

On Wed, 21 Oct 2015 13:29, ijackson at chiark.greenend.org.uk said:

> which adns lets you provide a different one of).  To use the TOR
> resolver you're going to have to specify nameservers anyway, so you
> already have a custom resolv.conf, presumably.

Right, this is the current code

  if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
                                  NULL, "nameserver 8.8.8.8")
      /*    */: adns_init (&state, adns_if_noerrprint, NULL))

changing this to an config option would be fairly easy.

> The init flags are for properties of the application's interaction
> with the adns API, not really for how to configure where DNS data
> comes from.  The latter is defined in the config file.

Okay.  However, the flags are part of the public API - at least they
seem to be.

> I guess I meant: is it intended that every application program which
> one might want to use to access a TOR service would have to be patched
> to know about TOR, specifically ?

There is this torsocks script which LD_PRELOADs a wrapper to intercept
all network related calls to send them to Tor or returns an error.  For
most use cases this is fine but Dirmngr is GnuPG network access module
and a background process which is designed to properly control access to
the network.  Thus for this and other heavy network users integrated Tor
support seems to be better.

> But I don't know how SOCKS is usually configured.  How do you normally
> tell a SOCKSified client program where to find its SOCKS server ?

Clicking somehwere ;-).  Maybe there is an envar similar to http_proxy
but I don't know for sure.

> (For that matter, in the TOR context, how do you tell an application
> to use a different resolver?)

Usually Tor does its own thing as Jake explained in his mail. Dirmngr
however needs to take care of the keyserver pools and thus need to
figure out the IP addresses.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.