Skip to content
Bridge between Tor Prop279 clients and DNS servers
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Tor Prop279 Provider for DNS

dns-prop279 acts as a bridge between Tor Prop279 clients and DNS servers. It is designed to be used for Namecoin naming in Tor. dns-prop279 is a fork of Miek Gieben's excellent q tool.


You need TorNS in order to use dns-prop279. You also need a DNS server such as ncdns. Your TorNS services configuration might look like this:

_service_to_command = {
    "bit.onion": ['/path/to/dns-prop279', '-port', '5391', '@'],
    "bit": ['/path/to/dns-prop279', '-port', '5391', '@'],

Security Notes

  • dns-prop279 hasn't been carefully checked for proxy leaks.
  • Using dns-prop279 will make you stand out from other Tor users.
  • Stream isolation for streams opened by applications (e.g. Tor Browser) should work fine. However, stream isolation metadata won't propagate to streams opened by the DNS server. That means you should only use dns-prop279 with a DNS server that will not generate outgoing traffic when you query it. ncdns is probably fine as long as it's using a full-block-receive Namecoin node such as Namecoin Core or libdohj-namecoin in leveldbtxcache mode. Unbound is not a good idea.
  • Nothing in dns-prop279 prevents the configured DNS server from caching lookups. If lookups are cached, this could be used to fingerprint users. ncdns has caching enabled by default.
  • DNSSEC support hasn't been tested at all, and is probably totally unsafe right now. Only use dns-prop279 when you fully trust the configured DNS server and your network path to it.
  • This whole thing is highly experimental! Please test it and give feedback, but don't rely on it behaving correctly.

Original miekg/exdns README

Build Status BSD 2-clause license

Examples made with Go DNS

This repository has a bunch of example programs that are made with the Go package.

Currently they include:

  • as112: an AS112 black hole server
  • chaos: show DNS server identity
  • check-soa: check the SOA record of zones for all nameservers
  • q: dig-like query tool
  • reflect: reflection nameserver
You can’t perform that action at this time.