oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-06-08 07:29:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

dns over tor and wordings

Browse source
This commit is contained in:
cynthia 2025-06-04 14:46:17 +01:00
parent d45dfc02cf
commit 8bf1477176
1 changed files with 60 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

61
dnscrypt/index.md
View file

@ -146,7 +146,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
root@localhost:/opt/dnscrypt-proxy# mv linux-x86_64/* . root@localhost:/opt/dnscrypt-proxy# mv linux-x86_64/* .
root@localhost:/opt/dnscrypt-proxy# rmdir linux-x86_64 root@localhost:/opt/dnscrypt-proxy# rmdir linux-x86_64
``` ```
5. Disable any other DNS resolvers running. You can check with `ss -lp 'sport = :domain'`. 5. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
Our example machine is currently running `systemd-resolved`, so we will disable and stop that. Our example machine is currently running `systemd-resolved`, so we will disable and stop that.
```bash ```bash
@ -289,4 +289,63 @@ routes = [
### DNS over Tor ### DNS over Tor
1. Install Tor.
```bash
root@localhost:~# apt install tor
```
2. Edit Tor's configuration file to make it listen locally on a DNS port.
```bash
root@localhost:~# vim /etc/tor/torrc
```
Add this to the file:
```
DNSPort 53
```
3. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
Our example machine is currently running `systemd-resolved`, so we will disable and stop that.
```bash
root@localhost:~# systemctl stop systemd-resolved
root@localhost:~# systemctl disable systemd-resolved
```
4. Backup the existing `resolv.conf`, and make a new one configuring the system to resolve DNS queries through Tor
```bash
root@localhost:~# mv /etc/resolv.conf /etc/resolv.conf.bak
root@localhost:~# vim /etc/resolv.conf
```
The contents of `/etc/resolv.conf` should be written like this:
```
nameserver 127.0.0.1
```
5. Start up Tor.
```bash
root@localhost:~# systemctl start tor
```
6. Now try pinging a site to test out if the Tor DNS works.
```bash
root@localhost:~# ping example.com
```
If you get something like:
```
PING example.com (23.192.228.80) 56(84) bytes of data.
64 bytes from a23-192-228-80.deploy.static.akamaitechnologies.com (23.192.228.80): icmp_seq=1 ttl=255 time=190 ms
64 bytes from 23.192.228.80 (23.192.228.80): icmp_seq=2 ttl=255 time=190 ms
```
Then, congratulations, Tor's DNS is now working.
If it doesn't work or says something like `ping: example.com: Temporary failure in name resolution`, try restarting Tor and try again.