@bortzmeyer @torproject this allows all old tools to have same level of encryption via Tor without waiting for DoT support. It takes UDP calls

@kushal @torproject Yes, but the proxy itself could as well use regular DoT over Tor, not Socks.

@bortzmeyer @torproject To do anything over Tor I will have to use the SOCKS proxy, isn't?

@kushal @torproject No, I don't think so. DoH works over Tor, I've used it (and Cloudflare even has a .onion), DoT should work as is.

@bortzmeyer
Do you mean that the proxy could accept requests over DoT? As well as making requests over DoT over Tor? Sounds like adding SOCKS support to an ordinary DoT resolver, for outgoing requests, while making sure that clients are not discriminated on origin. Adding a single-hop onion service would make it even better.

Clients would still have to know DoT, something I understand Kushal wants to avoid.
@kushal @torproject

@ln4711 @kushal @torproject No, regular DNS from the end clients to the proxy, and DoT or DoH (over Tor) to the resolver.

@bortzmeyer

Few points: For any call to happen, you will have to use the SOCKS proxy to go over Tor. Next, I think you are asking for the dns-tor-proxy tool to do a DoT/DoH call to the upstream server. Those features will be added. But, even then it will use the SOCKS proxy to make sure calls because we want the data to flow over Tor network.

@ln4711 @torproject

@kushal @torproject Sounds cool, but isn't 1.1.1.1 a pain for Tor! I mean crimeflare was always shit when you use it with tor!

@Decentralize_today @torproject not in my experience (for dns) and you can point the tool to any TCP based public server

@Decentralize_today @kushal @torproject Why do you even need to set any DNS server?Doesn't Tor have its own decentralized DNS resolver which is automatically used when using Tor as SOCKS5 proxy?And I think there's even a setting in the Tor config to make the build-in DNS server available on any port you want.

@nipos you are correct about DNSPort settings in Tor. This tool can be used separately only for DNS queries which includes all RR values. @Decentralize_today @torproject

@kushal
Can it be used on raspberry pi combined with PiHole and Wireguard? All peers should have ad blocking before hopping to tor relays?
@torproject

@danialbehzadi yes there is DNSPort available with @torproject but it reruns only one IP per domain, this one returns all the RR sets.

Sign in to participate in the conversation
dgplug

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!