Changes between Version 25 and Version 26 of doc/Preventing_Tor_DNS_Leaks


Timestamp:
Oct 16, 2010 9:02:27 AM (4 years ago)
Author:
cypherpunks
Comment:

add info about torsocks and disabling DNS prefetching

  • doc/Preventing_Tor_DNS_Leaks

    v25 v26  
    3333= What are some methods I can use to rectify this problem? = 
    3434 
    35 If your application supports HTTP proxies, then use Privoxy. Privoxy opens port 8118 on localhost, and the versions shipped with Tor come preconfigured to forward traffic via Tor using SOCKS 4a. This is good, because using SOCKS 4a causes DNS requests to be made remotely, and therefore does not leak DNS. So if you set it up properly, Privoxy does not leak DNS at all.  
     35If your application does DNS prefetching, turn it off. In Firefox, type `about:config` in the location bar and change '''network.dns.disablePrefetch''' to '''true'''. For Konqueror or Akregator, add the line 
     36{{{ 
     37DNSPrefetch=false 
     38}}} 
     39under the `[HTML Settings]` header in `$HOME/.kde/share/config/kdeglobals` (if the header `[HTML Settings]` doesn't already exist, you can add it to the end of the file). 
     40 
     41[wiki:TheOnionRouter/TorifyHOWTO#Abouttorsocks Torsocks] is probably the best way to ensure that all of an application's network traffic passes through Tor. Torsocks can prevent DNS leakage due to things like DNS prefetching or binary plugins that generate their own network traffic, whereas HTTP or SOCKS proxies cannot prevent these kinds of leaks. (On the other hand, proxies like Privoxy can be configured to send only certain traffic through Tor, whereas Torsocks forces all traffic through Tor.) 
     42 
     43If your application supports HTTP proxies, you might consider using Privoxy. Privoxy listens on localhost port 8118, and the versions shipped with Tor come preconfigured to forward traffic via Tor using SOCKS 4a. This is good, because using SOCKS 4a causes DNS requests to be made remotely, and therefore does not leak DNS. So if you set it up properly, Privoxy ''itself'' does not leak DNS at all. Note however, as mentioned above, that poorly behaved applications may still leak DNS even if configured to send traffic through Privoxy. If you wish to use a web-browser-like application with Privoxy, you may also want to run it with Torsocks if you want to ensure that any stray traffic gets sent through Tor. 
    3644 
    3745If your application supports SOCKS 4a, then configure it to use a SOCKS 4a proxy at localhost, port 9050. However, it is important to note that this does not always work. Sometimes applications are written with poor SOCKS 4a functionality, even if they list it as an option. This results in DNS leaks.
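Review bot: added line 41 states that Torsocks "forces all traffic through Tor", and line 43 says it will "ensure that any stray traffic gets sent through Tor", yet neither sentence states any limit, while the unchanged SOCKS 4a paragraph at line 45 is careful to say "this does not always work". Suggest wording these two claims to match the "probably the best way" hedge that opens line 41, or pointing readers to the linked TorifyHOWTO section for any cases Torsocks does not handle. Line 35 opens with "If your application does DNS prefetching, turn it off" but gives settings only for Firefox and Konqueror/Akregator; a sentence on how a reader can check whether another application prefetches would close that gap. Style: the last sentence of line 43 stacks two conditionals ("If you wish to use ... if you want to ensure"); one is enough.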