dnscrypt-proxy2 routed through tor
dnscrypt-proxy2 routed through tor
I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.
services.resolved.enable = false;
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = config.networking.enableIPv6;
block_ipv6 = !(config.networking.enableIPv6);
listen_addresses = ["127.0.0.1:53" "[::1]:53"];
force_tcp = true;
use_syslog = false;
odoh_servers = true;
require_dnssec = true;
require_nolog = false;
require_nofilter = true;
anonymized_dns = {
routes = [
{
server_name = "*";
via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
}
];
skip_incompatible = true;
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
block_unqualified = true;
block_undelegated = true;
proxy = "socks5://127.0.0.1:9050";
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
useDHCP = false;
enableIPv6 = true;
nameservers = [
"127.0.0.1"
"::1"
];
networkmanager.enable = true;
networkmanager.dns = "none";
services.tor = {
enable = true;
enableGeoIP = false;
torsocks.enable = true;
client = {
enable = true;
};
};
How do you know it's not being proxied? How are you reaching that conclusion?
It's not hiding my real ip from websites such as https://whatismyipaddress.com/. If it was torrified, I'd expect something changing on "am i using tor" websites as well.
Is this whatismyip address on the dns server that should have all its traffic going through tor or just DNS? what is my ip address works by responding with the ip address that is connecting to it. If you are only trying to have dns go over tor what is my ip would respond with a non tor ip address but if all traffic is going through tor then yes something is not working.
Edit: Reading more in depth of your post 100% whatismyipaddress will not return your tor ip. You've just offloaded name resultion ie. www.google.com is 123.123.123.123 ip address. You are still connecting to websites with your ISP ip.
I don't think that's a correct assumption. DNS just resolves domain names to IPs. When you access a website, if the IP isn't in your dns cache, it will look it up and that's the only part that should be going through dnscrypt. The actual request to the site goes to the IP directly. To use TOR across your entire system, it should either be used as a VPN or as a system-wide proxy. Dunno how to set that up though...
You should be able to at least activate logs for dnscrypt and see which DNS entries are being requested. To have a deeper look into your traffic, the only thing I know of is wireshark, which can sniff all your packets. You should be able to observe your DNS request going to dnscrypt, possibly through TOR (I doubt the packet tracing will work, sequence numbers or something should be disrupted by going through TOR), then a request going out to the IP it found over HTTP (port 80) or HTTPS (port 443).