Playing with Tor

I’ve been using Tor for a while now, and have been tinkering with settings to try to get it to work right. One of the many frustrating things is DNS leaking, whereby an application resolves DNS using the host DNS and not via Tor. Consequently, since the DNS server of your PoP (Point of Presence) is usually your ISP’s DNS server, or a DNS server maintained by your ISP, they can easily eavesdrop on your surfing behaviour by simply matching a DNS query with a traffic stream to that same IP soon afterwards.

Using DNS via Tor is a bit of a pain, but there are various ways I’ve found that seem to work. Some better than others.

Solution 1: Local DNS Host

It is possible to set up Tor to act as a local DNS host by using the “DNSPort 53” directive within the torrc. However, you will need to run tor (or Vidalia) as root in order to be able to open this port.

Once this is done, you can add 127.0.0.1 to your DNS hosts list in /etc/resolv.conf. To account for when Tor isn’t running, I add my true DNS afterwards, so my resolv.conf would be:

nameserver 127.0.0.1
nameserver 192.168.0.1

This means it should resolve through Tor first, then my ISP DNS if that fails. Tor DNS only responds to A-record queries; MX and NS queries return an error.

If you turn on DEBUG level logging in Vidalia, you can test if DNS is working by trying to ping a host and seeing if Tor receives a DNS request.
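As an added example (not from the original post), here is a small Python resolver that sends a raw DNS query to the Tor DNSPort configured above and decodes the reply, so you can see the A-record answer and the error Tor returns for MX or NS without reading debug logs. It assumes Tor is listening on 127.0.0.1:53 as in the torrc above; only `resolve_via_tor` needs a running Tor, the packet builder and parser work stand-alone.

```python
import socket
import struct

# Assumption for this example: Tor's DNSPort is bound to 127.0.0.1:53 ("DNSPort 53" in torrc).
TOR_DNS = ("127.0.0.1", 53)
QTYPES = {"A": 1, "NS": 2, "MX": 15}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Build a minimal RFC 1035 query (one question, RD bit set, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)

def skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += length + 1

def parse_response(data):
    """Return (rcode_name, [A-record IPs]) from a raw DNS response."""
    _txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    off = 12
    for _ in range(qd):            # skip the echoed question section
        off = skip_name(data, off) + 4
    ips = []
    for _ in range(an):            # walk the answer records, keep IPv4 addresses
        off = skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return rcode, ips

def resolve_via_tor(name, qtype="A", timeout=10.0):
    """Send the query to Tor's DNSPort over UDP and parse the reply (needs a running Tor)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), TOR_DNS)
        data, _ = s.recvfrom(512)
    return parse_response(data)
```

Calling `resolve_via_tor("example.com", "A")` and then `resolve_via_tor("example.com", "MX")` shows the working A lookup beside the error rcode Tor gives for the MX query.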

Solution 2: Wrapper

Probably an easier method than the above is to use a wrapper tool, such as torsocks or proxychains. My preference is proxychains, and you’ll see why.

Torsocks, as its name suggests, is built by the same group who created Tor and wraps the application you pass to it, tunnelling all its traffic through Tor. However, it seems rather quirky to me, and when used with some apps it spits out several pages of LD_PRELOAD errors, and the application either doesn’t start or starts without access to the net.

Proxychains similarly wraps an application and tunnels its traffic (including its DNS queries, by default) through a proxy. It is not specific to Tor, but it ships with a config already set up for Tor and works fine. When you start it with an application it shows, by default, every DNS query it makes (this is configurable). It also lets you chain proxies (hence the name), so proxy A to proxy B to proxy C, etc., to make it even harder to follow your traffic. It even allows you to randomise your proxy chains, so one request might go A-B-C and the next might go A-C-B.

At the moment I use the DNS method to hide my DNS traffic on most of my Linux applications, then use proxychains on anything I specifically want to tunnel through Tor, such as browser sessions or the occasional BitTorrent download.