From 8bf14771764b44c9285997b8897f599567dd6c4a Mon Sep 17 00:00:00 2001 From: cynthia Date: Wed, 4 Jun 2025 14:46:17 +0100 Subject: [PATCH] dns over tor and wordings --- dnscrypt/index.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/dnscrypt/index.md b/dnscrypt/index.md index c30755c..c8c749f 100644 --- a/dnscrypt/index.md +++ b/dnscrypt/index.md @@ -146,7 +146,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s root@localhost:/opt/dnscrypt-proxy# mv linux-x86_64/* . root@localhost:/opt/dnscrypt-proxy# rmdir linux-x86_64 ``` -5. Disable any other DNS resolvers running. You can check with `ss -lp 'sport = :domain'`. +5. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`. Our example machine is currently running `systemd-resolved`, so we will disable and stop that. ```bash 
@@ -289,4 +289,63 @@ routes = [ ### DNS over Tor +1. Install Tor. + + ```bash + root@localhost:~# apt install tor + ``` + +2. Edit Tor's configuration file to make it listen locally on a DNS port. + + ```bash + root@localhost:~# vim /etc/tor/torrc + ``` + + Add this to the file: + + ``` + DNSPort 53 + ``` +3. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`. + Our example machine is currently running `systemd-resolved`, so we will disable and stop that. + + ```bash + root@localhost:~# systemctl stop systemd-resolved + root@localhost:~# systemctl disable systemd-resolved + ``` +4. Backup the existing `resolv.conf`, and make a new one configuring the system to resolve DNS queries through Tor + ```bash + root@localhost:~# mv /etc/resolv.conf /etc/resolv.conf.bak + root@localhost:~# vim /etc/resolv.conf + ``` + + The contents of `/etc/resolv.conf` should be written like this: + + ``` + nameserver 127.0.0.1 + ``` + +5. Start up Tor. + + ```bash + root@localhost:~# systemctl start tor + ``` + +6. Now try pinging a site to test out if the Tor DNS works. + + ```bash + root@localhost:~# ping example.com + ``` + + If you get something like: + + ``` + PING example.com (23.192.228.80) 56(84) bytes of data. + 64 bytes from a23-192-228-80.deploy.static.akamaitechnologies.com (23.192.228.80): icmp_seq=1 ttl=255 time=190 ms + 64 bytes from 23.192.228.80 (23.192.228.80): icmp_seq=2 ttl=255 time=190 ms + ``` + + Then, congratulations, Tor's DNS is now working. + + If it doesn't work or says something like `ping: example.com: Temporary failure in name resolution`, try restarting Tor and try again.
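Review bot: Step 5 of the new DNS over Tor section uses `systemctl start tor`, but on Debian-family systems the `apt install tor` in step 1 typically starts the service already, so `start` does nothing and the `DNSPort 53` line added in step 2 is never loaded; use `systemctl restart tor` here, which is what the troubleshooting line at the end falls back to anyway. Step 6 only shows that a name resolved: consider re-running `ss -lp 'sport = :domain'` from step 3 after the restart to confirm that `tor` is the process bound to port 53, and stating that the `ping` packets themselves do not go through Tor, only the lookup does. Minor wording and layout: step 4 should read "Back up the existing `resolv.conf`" and end with a period, and steps 2 to 4 are missing the blank lines around their fences that steps 1, 5 and 6 have.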