dns-prop279 acts as a bridge between Tor Prop279 clients and DNS servers. It is designed to be used for Namecoin naming in Tor. dns-prop279 is a fork of Miek Gieben's excellent q tool.
You need TorNS in order to use dns-prop279. You also need a DNS server such as ncdns. Your TorNS services configuration might look like this:
_service_to_command = {
"bit.onion": ['/path/to/dns-prop279', '-port', '5391', '@127.0.0.1'],
"bit": ['/path/to/dns-prop279', '-port', '5391', '@127.0.0.1'],
}
dns-prop279hasn't been carefully checked for proxy leaks.- Using
dns-prop279will make you stand out from other Tor users. - Stream isolation for streams opened by applications (e.g. Tor Browser) should work fine. However, stream isolation metadata won't propagate to streams opened by the DNS server. That means you should only use
dns-prop279with a DNS server that will not generate outgoing traffic when you query it. ncdns is probably fine as long as it's using a full-block-receive Namecoin node such as Namecoin Core or libdohj-namecoin in leveldbtxcache mode. Unbound is not a good idea. - Nothing in
dns-prop279prevents the configured DNS server from caching lookups. If lookups are cached, this could be used to fingerprint users. ncdns has caching enabled by default. - DNSSEC support hasn't been tested at all, and is probably totally unsafe right now. Only use
dns-prop279when you fully trust the configured DNS server and your network path to it. - This whole thing is highly experimental! Please test it and give feedback, but don't rely on it behaving correctly.
This repository has a bunch of example programs that are made with the https://github.com/miekg/dns Go package.
Currently they include:
as112: an AS112 black hole serverchaos: show DNS server identitycheck-soa: check the SOA record of zones for all nameserversq: dig-like query toolreflect: reflection nameserver