wiki:doc/LinuxDNSresolverForOnions

This is a simple HOWTO that lets any program on Linux resolve .onion addresses and connect to them transparently, without any proxy settings in the program itself. I have been running this for over a year, currently against 10 hidden service (HS) nodes. It is, however, EXPERIMENTAL.

The reason for this is that I wanted to run Node-Red and other applications and send data via Tor, while still being able to communicate with my Node-Red instance locally. Other programs I use do not always have settings for a proxy. With this modification the local SOCKS proxy is no longer needed: when a program resolves a .onion name, Tor answers with a private address from a virtual range, and a firewall rule redirects TCP connections to that range into Tor's transparent proxy port, so the program never knows Tor is involved.

Hazards: only TCP connections to the addresses Tor hands out from 10.192.0.0/10 are redirected into Tor. Everything else takes the normal network path. In other words, if something talking to [key].onion also calls google.com, the call to google.com goes out over your NON-Tor link, and the DNS lookup for google.com goes in the clear to the upstream server in /etc/realresolv.conf, which sees every non-onion name you look up. Only .onion lookups are private, because Tor answers them locally from its own address map without sending anything on the wire. DNS for everything else is similarly NOT PROTECTED, unless you are using a [dns server].onion and put that in your resolver (bearing in mind that only TCP reaches Tor in this setup). Tor's DNS listener will also answer ordinary A, AAAA and PTR lookups through an exit relay, so pointing /etc/realresolv.conf at 127.0.0.2 instead moves all name lookups onto Tor; the TCP connections that follow still go out in the clear.

To get started:

  1. Install the following packages (Ubuntu, Debian):

sudo apt-get install tor iptables dnsmasq dnsutils
  2. Add the following to the /etc/tor/torrc file. VirtualAddrNetworkIPv4 is the private range Tor hands out; AutomapHostsOnResolve makes Tor answer a lookup for a .onion name with an unused address from that range and remember the mapping; TransPort is the transparent-proxy listener the firewall rule below sends those connections to; and the DNS listener goes on 127.0.0.2 so that 127.0.0.1:53 stays free for dnsmasq. (DNSListenAddress is deprecated in newer Tor releases, which take the address together with the port as DNSPort 127.0.0.2:53; the effect is the same.)

VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
DNSListenAddress 127.0.0.2
  3. Restart Tor:

sudo service tor restart
  4. Edit /etc/dnsmasq.conf and add the following. dnsmasq answers on 127.0.0.1 only, takes its upstream servers from /etc/realresolv.conf instead of /etc/resolv.conf, and forwards every name under .onion to Tor's DNS listener on 127.0.0.2. Without bind-interfaces, dnsmasq binds port 53 on the wildcard address even though it only answers on 127.0.0.1, so if Tor or dnsmasq logs "address already in use" on port 53, add bind-interfaces to this file as well.

listen-address=127.0.0.1
resolv-file=/etc/realresolv.conf
server=/onion/127.0.0.2
  5. Make a new file called /etc/realresolv.conf containing your real upstream server (8.8.8.8 below, or whatever DNS server you choose). Then point /etc/resolv.conf at dnsmasq with the single line "nameserver 127.0.0.1", so that every program on the host queries dnsmasq; the upstream server lives in a separate file precisely because /etc/resolv.conf now names dnsmasq itself. If resolvconf or NetworkManager manages /etc/resolv.conf on your system, make the change through it, or it will be overwritten.

nameserver 8.8.8.8
  6. Restart dnsmasq:

sudo service dnsmasq restart
  7. Add the iptables rule that redirects outgoing TCP connections to the virtual range into Tor's TransPort. Only TCP is caught: UDP or ICMP sent to a mapped address is not redirected and leaves on the normal network interface towards an address nobody answers, so it fails rather than travelling over Tor. Running the command twice appends a duplicate rule; iptables -t nat -C with the same arguments checks whether it is already present.

sudo iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
  8. The rule is not persistent, so it must be run at every boot. Add this to /etc/rc.local, ABOVE the "exit 0" (on systemd-based releases /etc/rc.local must exist and be executable for the rc-local service to run it; iptables-persistent is an alternative):

/sbin/iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
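Once everything is in place, each layer (Tor's DNS listener, dnsmasq, /etc/resolv.conf, the nat rule) can fail independently and the symptom is always the same: the .onion name does not connect. The following check script is an added example for this page, not part of the original HOWTO. It assumes the values used in the steps above (Tor's DNS listener on 127.0.0.2:53, dnsmasq on 127.0.0.1, VirtualAddrNetworkIPv4 10.192.0.0/10, TransPort 9040), takes the name of an onion service you already know as its argument, and uses example.com only as a clearnet control lookup. Run it as root so the nat table can be read.

```shell
#!/bin/sh
# check_onion_resolver.sh - verify the transparent .onion resolver built above.
# Added example for this page, not part of the original HOWTO. Assumes the
# values used in the steps: Tor's DNS listener on 127.0.0.2:53, dnsmasq on
# 127.0.0.1:53, VirtualAddrNetworkIPv4 10.192.0.0/10 and TransPort 9040.
# Usage (as root, so the nat table can be read):
#   sh check_onion_resolver.sh --live <name of an onion service you know>.onion

VIRT_NET="10.192.0.0/10"   # VirtualAddrNetworkIPv4 from torrc
TOR_DNS=127.0.0.2          # DNSListenAddress from torrc
DNSMASQ=127.0.0.1          # listen-address from dnsmasq.conf
TRANS_PORT=9040            # TransPort from torrc
CONTROL_NAME=example.com   # clearnet name used only as a control lookup

# in_virtual_net IP: succeed if IP is a dotted quad inside 10.192.0.0/10.
# A /10 mask keeps the first octet and the top two bits of the second, so the
# range is 10.192.0.0 - 10.255.255.255.
in_virtual_net() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;  # not four numeric octets
        *.*.*.*) ;;                                    # exactly three dots
        *) return 1 ;;
    esac
    o1=${1%%.*}; rest=${1#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ "$o" -le 255 ] || return 1
    done
    [ "$o1" -eq 10 ] && [ "$o2" -ge 192 ]
}

# resolve SERVER NAME: print the first IPv4 address SERVER returns for NAME
# (nothing if the lookup fails). dig comes from dnsutils, installed above.
resolve() {
    dig +short +time=5 +tries=1 @"$1" "$2" A 2>/dev/null \
      | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$'
}

# redirect_rule_present: read `iptables -t nat -S OUTPUT` on stdin and succeed
# if the REDIRECT rule for the virtual range is there. Matched token by token
# because iptables -S prints -d before -p, not in the order the rule was typed.
redirect_rule_present() {
    grep -F -- "-j REDIRECT --to-ports $TRANS_PORT" \
      | grep -F -- "-d $VIRT_NET" \
      | grep -qF -- "-p tcp"
}

# report STATUS MESSAGE: print one result line; STATUS is 0 for ok.
report() {
    if [ "$1" -eq 0 ]; then echo "ok   $2"; else echo "FAIL $2"; fi
}

# live_check NAME: run the end-to-end checks; returns the number of failures.
live_check() {
    name=$1; fails=0

    a=$(resolve "$TOR_DNS" "$name")
    in_virtual_net "$a" && s=0 || s=1
    report $s "Tor's DNS listener on $TOR_DNS maps $name to '$a' (torrc)"
    fails=$((fails + s))

    b=$(resolve "$DNSMASQ" "$name")
    in_virtual_net "$b" && s=0 || s=1
    report $s "dnsmasq on $DNSMASQ forwards .onion to Tor: $name -> '$b' (dnsmasq.conf)"
    fails=$((fails + s))

    c=$(resolve "$DNSMASQ" "$CONTROL_NAME")
    { [ -n "$c" ] && ! in_virtual_net "$c"; } && s=0 || s=1
    report $s "clearnet control via dnsmasq: $CONTROL_NAME -> '$c' (/etc/realresolv.conf)"
    fails=$((fails + s))

    grep -Eq "^nameserver[[:space:]]+$DNSMASQ[[:space:]]*\$" /etc/resolv.conf && s=0 || s=1
    report $s "/etc/resolv.conf sends all programs to dnsmasq ($DNSMASQ)"
    fails=$((fails + s))

    iptables -t nat -S OUTPUT 2>/dev/null | redirect_rule_present && s=0 || s=1
    report $s "nat OUTPUT redirects tcp/$VIRT_NET to TransPort $TRANS_PORT (needs root)"
    fails=$((fails + s))

    return "$fails"
}

case "${1-}" in
    --live) live_check "${2:?usage: $0 --live NAME.onion}" ;;
esac
```

Each FAIL line names the file or rule to revisit: the first two lookups tell apart a Tor problem from a dnsmasq forwarding problem, the control lookup proves clearnet names still resolve through the upstream in /etc/realresolv.conf, and the last two confirm that programs actually reach dnsmasq and that connections to the virtual range will be redirected rather than sent out on the normal link.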
Last modified on Jul 29, 2016, 5:09:05 PM