Multiple OS: Tor Browser leaks domains to system DNS management.
Someone recently posted this bug:
https://trac.torproject.org/projects/tor/ticket/16813
Which describes what appeared to be a serious DNS leak from Tor to the Linux system’s DNS management, nscd.
But the same thing is happening on OS X with mDNSResponder.
The following command: sudo killall -INFO mDNSResponder will dump the contents of the DNS cache to system.log.
And within that I found one site that has only been visited via Tor Browser.
I’m not sure why it was only one after a heavy Tor session, and subsequent attempts to repeat this have not reproduced the problem.
Now I’ve learned this isn’t new, others have commented the same in the past:
I actually tested recent Tor Browser versions quite thoroughly from time to time with tcpdump and inspecting the dump either by grepping for IP addresses other than the expected entry node or inspecting in Wireshark and have never seen a ‘live’ DNS leak from Tor yet.
But it’s difficult to tell from the mDNSResponder dump in system.log if mDNSResponder is sometimes trying to look up domains visited over Tor in clearnet.
The comments in the above 2 links believe that is the case and they recommend mDNSResponder has to be disabled before Tor use.
The entry of the mDNSResponder dump in system log was:
Aug 30 02:29:23 mymachine mDNSResponder[39]: 78 4252 -U- Addr 4 tor-only-visited-site.com Addr 123.123.123.123
Can we get some urgent clarification about how Tor Browser is handling this ?
Is it merely the case that the system DNS service has to have access to sites Tor is connecting to but isn’t actually doing any DNS lookups in the clear but they are just (sometimes?) ending up in its cache?
Or is it the case that if DNS look ups over Tor fail or stall they being passed to the system to ‘have a go’ ? Can we get some answers please, because the information is currently extremely vague.
Note I believe in more recent versions of OS X mDNSResponder has been replaced with a service called discoveryd, but I’m using not using these later versions.
Tor Browser version is the latest 5.02 OS X
Trac:
Username: DrMikeTwiddle