adns and TOR
ijackson at chiark.greenend.org.uk
Wed Oct 21 22:26:01 CEST 2015
Werner Koch writes ("Re: adns and TOR"):
> On Wed, 21 Oct 2015 13:29, ijackson at chiark.greenend.org.uk said:
> > which adns lets you provide a different one of). To use the TOR
> > resolver you're going to have to specify nameservers anyway, so you
> > already have a custom resolv.conf, presumably.
> Right, this is the current code
> if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
> NULL, "nameserver 184.108.40.206")
> /* */: adns_init (&state, adns_if_noerrprint, NULL))
> changing this to an config option would be fairly easy.
Right. So, a config option "socks" with suitable semantics would do ?
I would welcome a patch to do that. A bit of care ought to be taken
to allow room for likely future extensions (authentication is being
discussed, it seems...)
> > The init flags are for properties of the application's interaction
> > with the adns API, not really for how to configure where DNS data
> > comes from. The latter is defined in the config file.
> Okay. However, the flags are part of the public API - at least they
> seem to be.
Indeed. But the point is that things outside the program can't set
init flags. Whereas things outside the program _can_ define the
config, for example by setting ADNS_* environment variables.
> > I guess I meant: is it intended that every application program which
> > one might want to use to access a TOR service would have to be patched
> > to know about TOR, specifically ?
> There is this torsocks script which LD_PRELOADs a wrapper to intercept
> all network related calls to send them to Tor or returns an error.
So this script ought to set suitable ADNS_* variable so tht naive
programs get an adns configuration which uses the Tor socks proxy for
dns lookups. Am I right ?
More information about the Gnupg-devel