DNS lookup through pdnsd should loop back into Tor DNS port

While the earlier TCP query to Google DNS provided a more robust DNS service,
it could still leak outside the VPN service depending on platform version
and other circumstances. By using pdnsd as a proxy back into Tor's limited DNS
service, we ensure DNS does not leak.
Nathan Freitas 2016-03-07 13:52:52 -05:00
parent beb3bc8a4a
commit 4892f93531
3 changed files with 10 additions and 4 deletions


@ -6,12 +6,13 @@ global {
cache_dir="/data/data/org.torproject.android/app_bin"; cache_dir="/data/data/org.torproject.android/app_bin";
server_port = 8091; server_port = 8091;
server_ip = 0.0.0.0; server_ip = 0.0.0.0;
query_method=tcp_only; query_method=udp_only;
min_ttl=15m; min_ttl=15m;
max_ttl=1w; max_ttl=1w;
timeout=10; timeout=10;
daemon=on; daemon=on;
pid_file="/data/data/org.torproject.android/app_bin/pdnsd.pid"; pid_file="/data/data/org.torproject.android/app_bin/pdnsd.pid";
} }
server { server {
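Review bot: The new `query_method=udp_only;` line needs a comment saying why, because the previous tcp_only was chosen for robustness and a later maintainer could restore it without realising the upstream has changed. The server pdnsd now forwards to is Tor's local DNSPort, which, as far as I know, only answers UDP queries, so a tcp_only or tcp_udp setting would fail or fall back to leaking; suggest `# upstream is Tor's DNSPort, which speaks UDP only; tcp_only/tcp_udp would fail against it` above the line. The hunk header counts 12 old and 13 new lines while only one changed pair is visible, so this rendering appears to have dropped an added line. The global block begins before the hunk.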


@ -649,7 +649,10 @@ public class TorService extends Service implements TorServiceConstants, OrbotCon
extraLines.append("TransPort ").append(transPort).append('\n'); extraLines.append("TransPort ").append(transPort).append('\n');
extraLines.append("DNSPort ").append(dnsPort).append("\n"); extraLines.append("DNSPort ").append(dnsPort).append("\n");
if (Prefs.useVpn())
extraLines.append("DNSListenAddress 0.0.0.0").append('\n');
if (Prefs.transparentTethering()) if (Prefs.transparentTethering())
{ {
extraLines.append("TransListenAddress 0.0.0.0").append('\n'); extraLines.append("TransListenAddress 0.0.0.0").append('\n');
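Review bot: `DNSListenAddress 0.0.0.0` binds Tor's DNSPort on every interface, including Wi-Fi and any hotspot, while the only consumer this commit introduces is pdnsd on the same device (OrbotVpnService now points it at 127.0.0.1). An unauthenticated resolver reachable from the local network is wider exposure than the VPN case needs; unless the tun interface must reach Tor's DNSPort directly, drop the line (Tor's DNSPort listens on loopback by default) or bind it there, `extraLines.append("DNSListenAddress 127.0.0.1").append('\n');`. The single-statement if also has no braces, unlike the transparentTethering block directly below it, so `if (Prefs.useVpn()) { ... }` would match the surrounding style. The enclosing method starts and ends outside the hunk.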


@ -78,7 +78,9 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
private final static boolean mIsLollipop = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP; private final static boolean mIsLollipop = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP;
//this is the actual DNS server we talk with over TCP/IP //this is the actual DNS server we talk with over TCP/IP
private final static String DEFAULT_ACTUAL_DNS = "8.8.8.8";//use Google here, or 8.8.4.4 as backup? private final static String DEFAULT_ACTUAL_DNS_HOST = "127.0.0.1";//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?
private final static int DEFAULT_ACTUAL_DNS_PORT = TorServiceConstants.TOR_DNS_PORT_DEFAULT;
private boolean isRestart = false; private boolean isRestart = false;
@ -288,7 +290,7 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
} }
//start PDNSD daemon pointing to OpenDNS //start PDNSD daemon pointing to OpenDNS
startDNS(DEFAULT_ACTUAL_DNS,53); startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT);
final String vpnName = "OrbotVPN"; final String vpnName = "OrbotVPN";
final String localhost = "127.0.0.1"; final String localhost = "127.0.0.1";
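Review bot: `startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT)` in the second hunk hard-wires pdnsd's upstream to TorServiceConstants.TOR_DNS_PORT_DEFAULT, whereas TorService writes `DNSPort` from a dnsPort variable; if that value can differ from the constant (a user-configured port), pdnsd would forward to a port nothing listens on and every VPN lookup would fail. Unless dnsPort is guaranteed to equal the default, the VPN service should be handed the port TorService actually configured rather than the compile-time constant. The comments around both hunks are now stale: `//this is the actual DNS server we talk with over TCP/IP`, the trailing `//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?` on the host constant, and `//start PDNSD daemon pointing to OpenDNS` still describe the old public resolver; suggest `// pdnsd's upstream is Tor's local DNSPort, so lookups never leave the Tor circuit` and removing the commented-out value. Both hunks sit inside the class body, which continues outside the page.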