From 4892f9353136baf0b00974fdb02176ca784498ff Mon Sep 17 00:00:00 2001
From: Nathan Freitas
Date: Mon, 7 Mar 2016 13:52:52 -0500
Subject: [PATCH] DNS lookup through pdnsd should loop back into Tor DNS port

While the TCP query to Google DNS before provided more robust DNS services, it could still leak outside the VPN service based on platform version and other circumstances. By using PDNSD as a proxy back into Tor's limited DNS service, we ensure DNS does not leak.
---
 res/values/pdnsd.xml | 3 ++-
 src/org/torproject/android/service/TorService.java | 5 ++++-
 src/org/torproject/android/vpn/OrbotVpnService.java | 6 ++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/res/values/pdnsd.xml b/res/values/pdnsd.xml
index cb4e8025..42834d26 100644
--- a/res/values/pdnsd.xml
+++ b/res/values/pdnsd.xml
@@ -6,12 +6,13 @@ global {
 cache_dir="/data/data/org.torproject.android/app_bin";
 server_port = 8091;
 server_ip = 0.0.0.0;
-query_method=tcp_only;
+query_method=udp_only;
 min_ttl=15m;
 max_ttl=1w;
 timeout=10;
 daemon=on;
 pid_file="/data/data/org.torproject.android/app_bin/pdnsd.pid";
+
 }
 
 server {
diff --git a/src/org/torproject/android/service/TorService.java b/src/org/torproject/android/service/TorService.java
index 627f2e9f..0a66fd4c 100644
--- a/src/org/torproject/android/service/TorService.java
+++ b/src/org/torproject/android/service/TorService.java
@@ -649,7 +649,10 @@ public class TorService extends Service implements TorServiceConstants, OrbotCon
 extraLines.append("TransPort ").append(transPort).append('\n');
 extraLines.append("DNSPort ").append(dnsPort).append("\n");
-
+
+if (Prefs.useVpn())
+extraLines.append("DNSListenAddress 0.0.0.0").append('\n');
+
 if (Prefs.transparentTethering())
 {
 extraLines.append("TransListenAddress 0.0.0.0").append('\n');
diff --git a/src/org/torproject/android/vpn/OrbotVpnService.java b/src/org/torproject/android/vpn/OrbotVpnService.java
index c9247c29..c5f6b828 100644
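Review bot: `query_method=udp_only` removes pdnsd's TCP retry for truncated (TC-flagged) answers, and nothing in the hunk records why that is acceptable; since the new upstream is Tor's DNSPort, which to my knowledge answers only over UDP and only A, AAAA and PTR lookups, that constraint should be written next to the line, e.g. `# udp_only: upstream is Tor's DNSPort (UDP-only; A/AAAA/PTR only), so no TCP fallback exists` (assuming this string is fed to pdnsd verbatim, which accepts `#` comments). The `server { ... }` block that actually names the upstream begins below the hunk, so whether it points at 127.0.0.1 and the Tor DNS port cannot be confirmed from here. The pre-existing `server_ip = 0.0.0.0` context line means pdnsd on port 8091 is reachable from every interface, which with this change makes the device a resolver into Tor for anyone on the same network; a loopback or tun-address bind would close that. The added empty line before `}` is stray whitespace.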
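Review bot: `DNSListenAddress 0.0.0.0` binds Tor's DNSPort on every interface, including Wi-Fi and cellular, so any host on the same network can use the device as an open resolver answering through Tor. pdnsd reaches this port at 127.0.0.1 according to OrbotVpnService in the same patch, so if a loopback bind is enough the three added lines can be dropped (DNSPort defaults to loopback); if the VPN path really needs a non-loopback listener, bind the tun interface's address rather than all interfaces, e.g. `extraLines.append("DNSListenAddress ").append(tunAddress).append('\n');` with `tunAddress` taken from the VPN configuration. The brace-less `if (Prefs.useVpn())` also differs from the braced `if (Prefs.transparentTethering())` block just below it. The enclosing method begins and ends outside the hunk.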
--- a/src/org/torproject/android/vpn/OrbotVpnService.java
+++ b/src/org/torproject/android/vpn/OrbotVpnService.java
@@ -78,7 +78,9 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
 private final static boolean mIsLollipop = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP;
 //this is the actual DNS server we talk with over TCP/IP
-private final static String DEFAULT_ACTUAL_DNS = "8.8.8.8";//use Google here, or 8.8.4.4 as backup?
+private final static String DEFAULT_ACTUAL_DNS_HOST = "127.0.0.1";//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?
+private final static int DEFAULT_ACTUAL_DNS_PORT = TorServiceConstants.TOR_DNS_PORT_DEFAULT;
+
 private boolean isRestart = false;
@@ -288,7 +290,7 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
 }
 //start PDNSD daemon pointing to OpenDNS
-startDNS(DEFAULT_ACTUAL_DNS,53);
+startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT);
 final String vpnName = "OrbotVPN";
 final String localhost = "127.0.0.1";
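Review bot: The comment above `DEFAULT_ACTUAL_DNS_HOST` still reads "the actual DNS server we talk with over TCP/IP" and the new line keeps the dead `//"8.8.8.8";//use Google here...` tail, so the declaration now documents the old Google upstream while pointing at loopback; replace both with `//Tor's local DNSPort: pdnsd forwards queries here over UDP so DNS stays inside the VPN` and `private final static String DEFAULT_ACTUAL_DNS_HOST = "127.0.0.1";`. The second hunk has the same stale comment: `//start PDNSD daemon pointing to OpenDNS` should become `//start PDNSD daemon pointing at Tor's local DNSPort`. `DEFAULT_ACTUAL_DNS_PORT` is fixed to `TOR_DNS_PORT_DEFAULT`, whereas TorService writes `DNSPort` from a `dnsPort` variable; if that value can differ from the default, pdnsd would be aimed at a closed port and resolution would fail closed rather than leak, so it is worth confirming both are sourced from the same setting.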