TOR and DNS

Discussion in 'privacy technology' started by acknsyn, Aug 11, 2007.

Thread Status:
Not open for further replies.
  1. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    Is there a way to get tor or privoxy to consult the local host file for dns before launching a dns request? My setup is browser->privoxy->tor.
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi acknsyn :)


    The HOSTS file is always checked before a DNS request with or without Tor.

    Is it possible that your browser makes DNS requests anyway?
    This happens if the browser connection parameters are not correctly set up and... if you have some extensions making connections for updates or other purposes...

    With Firefox you may create a new profile reserved for Tor and add the Extension TorButton ...

    :)
     
  3. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    Mozilla is set up to use Privoxy as proxy for all protocols and Privoxy is configured to forward everything to Tor with this command:
    forward-socks4a / localhost:9050 .

    For instance, I have a website set up to resolve to 127.0.0.1, yet I can still visit the site using Tor.
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi acknsyn :)

    Yes: you're absolutely right!

    Here's the solution with Privoxy (in Privoxy Manual)

    file://localhost/C:/Program%20Files/Vidalia%20Bundle/Privoxy/doc/faq/misc.html#HOSTSFILE

    « 4.23. Should I continue to use a "HOSTS" file for ad-blocking?

    One time-tested technique to defeat common ads is to trick the local DNS system by giving a phony IP address for the ad generator in the local HOSTS file, typically using 127.0.0.1, aka localhost. This effectively blocks the ad.

    There is no reason to use this technique in conjunction with Privoxy. Privoxy does essentially the same thing, much more elegantly and with much more flexibility. A large HOSTS file, in fact, not only duplicates effort, but may get in the way. It is recommended to remove such entries from your HOSTS file. If you think your hosts list is neglected by Privoxy's configuration, consider adding your list to your user.action file:

    { +block }
    www.ad.example1.com
    ad.example2.com
    ads.galore.example.com
    etc.example.com

    »

    :)
     
  5. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    I was intending to use the host file for static ip mapping for sites I frequent. I thought that it would speed things up a little and cause less traffic to the tor network.
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi acknsyn :)

    This may avoid some DNS requests through Tor but I'm not sure this has any impact on the performance of your web surfing... The speed depends on many factors ... If there is a "slow motion" onion in the path used to connect to the web site the DNS request will make little difference...

    The speed on Tor is based on the speed allowed (the bandwidth) in your setup.
    I know it's possible to choose some fast nodes in the torrc file.

    "
    entrynodes nickname,nickname,...
    A list of preferred nodes to use for the first hop in the circuit, if possible.

    exitnodes nickname,nickname,...
    A list of preferred nodes to use for the last hop in the circuit, if possible.

    excludenodes nickname,nickname,...
    A list of nodes to never use when building a circuit.
    "


    http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc

    I'm not sure if this can make a real difference in the Tor performance...

    Hope this helps.

    :)
     
  7. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    "...the exit node resolves the address as necessary, and opens a new TCP connection to the target port. If the address cannot be resolved, or a connection can't be established, the exit node replies with a RELAY_END cell."

    It depends if the exit node is using dns cache/if the site you're visiting is already cached. So it may make a difference.
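
The `forward-socks4a` line in post 3 is what makes the HOSTS entry ineffective: with SOCKS4a the unresolved hostname is handed to the SOCKS server (Tor), and, as the passage quoted in the last post says, the exit node resolves it. The Python below is an added example, not code from the thread, Privoxy or Tor; the HOSTS contents and the name `blocked.example` are constructed, and it builds and parses the request bytes offline to show what the SOCKS server receives in each mode.

```python
import ipaddress
import struct

# Constructed sample HOSTS file (not from the thread).
HOSTS_TEXT = """\
127.0.0.1   localhost
127.0.0.1   blocked.example   # name pinned to loopback, as in post 3
"""

def parse_hosts(text: str) -> dict:
    """Map each hostname to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def socks4_connect(ip: str, port: int) -> bytes:
    """SOCKS4: the client already resolved the name (HOSTS, then DNS)."""
    return struct.pack(">BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + b"\x00"

def socks4a_connect(host: str, port: int) -> bytes:
    """SOCKS4a: dummy address 0.0.0.1, then the unresolved hostname."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01" + b"\x00"
            + host.encode("ascii") + b"\x00")

def parse_request(req: bytes) -> dict:
    """Read a CONNECT request the way the SOCKS server (here: Tor) would."""
    version, command, port = struct.unpack(">BBH", req[:4])
    if version != 4 or command != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    dst_ip, user_end = req[4:8], req.index(b"\x00", 8)
    if dst_ip[:3] == b"\x00\x00\x00" and dst_ip[3] != 0:  # 0.0.0.x marks SOCKS4a
        host_end = req.index(b"\x00", user_end + 1)
        name = req[user_end + 1:host_end].decode("ascii")
        return {"target": name, "port": port, "resolved_by": "proxy"}
    return {"target": str(ipaddress.IPv4Address(dst_ip)), "port": port,
            "resolved_by": "client"}

def compare(host: str, port: int = 80) -> tuple:
    """Return what the SOCKS server sees for the same name in each mode."""
    local_ip = parse_hosts(HOSTS_TEXT)[host]  # client-side HOSTS lookup
    return (parse_request(socks4_connect(local_ip, port)),
            parse_request(socks4a_connect(host, port)))

if __name__ == "__main__":
    for seen in compare("blocked.example"):
        print(seen)
```

In SOCKS4 mode the server is asked for 127.0.0.1, so the HOSTS entry takes effect; in SOCKS4a mode it is asked for the name itself and the local mapping never enters the request.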
     