adns and TOR

Ian Jackson ijackson at chiark.greenend.org.uk
Wed Oct 21 22:26:01 CEST 2015


Werner Koch writes ("Re: adns and TOR"):
> On Wed, 21 Oct 2015 13:29, ijackson at chiark.greenend.org.uk said:
> > which adns lets you provide a different one of).  To use the TOR
> > resolver you're going to have to specify nameservers anyway, so you
> > already have a custom resolv.conf, presumably.
> 
> Right, this is the current code
> 
>   if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
>                                   NULL, "nameserver 8.8.8.8")
>       /*    */: adns_init (&state, adns_if_noerrprint, NULL))
> 
> Changing this to a config option would be fairly easy.

Right.  So, a config option "socks" with suitable semantics would do ?
I would welcome a patch to do that.  A bit of care ought to be taken
to allow room for likely future extensions (authentication is being
discussed, it seems...)

> > The init flags are for properties of the application's interaction
> > with the adns API, not really for how to configure where DNS data
> > comes from.  The latter is defined in the config file.
> 
> Okay.  However, the flags are part of the public API - at least they
> seem to be.

Indeed.  But the point is that things outside the program can't set
init flags.  Whereas things outside the program _can_ define the
config, for example by setting ADNS_* environment variables.

> > I guess I meant: is it intended that every application program which
> > one might want to use to access a TOR service would have to be patched
> > to know about TOR, specifically ?
> 
> There is this torsocks script which LD_PRELOADs a wrapper to intercept
> all network related calls to send them to Tor or returns an error.
> [...]

So this script ought to set suitable ADNS_* variables so that naive
programs get an adns configuration which uses the Tor socks proxy for
DNS lookups.  Am I right ?

Thanks,
Ian.



More information about the Gnupg-devel mailing list