DNS lookup through pdnsd should loop back into Tor DNS port
While the previous approach of sending TCP queries to Google DNS provided more robust DNS service, it could still leak outside the VPN service, depending on platform version and other circumstances. By using PDNSD as a proxy back into Tor's limited DNS service, we ensure DNS does not leak.
parent
beb3bc8a4a
commit
4892f93531
|
@ -6,12 +6,13 @@ global {
|
|||
cache_dir="/data/data/org.torproject.android/app_bin";
|
||||
server_port = 8091;
|
||||
server_ip = 0.0.0.0;
|
||||
query_method=tcp_only;
|
||||
query_method=udp_only;
|
||||
min_ttl=15m;
|
||||
max_ttl=1w;
|
||||
timeout=10;
|
||||
daemon=on;
|
||||
pid_file="/data/data/org.torproject.android/app_bin/pdnsd.pid";
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
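Review bot: `server_ip = 0.0.0.0;` in the `global` block makes pdnsd accept queries on every interface at port 8091, so with the upstream now being Tor's DNS port, any host that can reach the device could resolve names through it. The page does not show whether this line is new in this commit, but it is on the new side either way. If only the on-device VPN path needs the resolver, `server_ip = 127.0.0.1;` narrows the exposure; if the tun interface has to reach it, a comment saying so would help. A one-line comment beside `query_method=udp_only;` explaining that the upstream is Tor's DNSPort, which answers UDP queries, would also explain the switch away from `tcp_only`. The `server` block continues outside the hunk.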
@ -650,6 +650,9 @@ public class TorService extends Service implements TorServiceConstants, OrbotCon
|
|||
extraLines.append("TransPort ").append(transPort).append('\n');
|
||||
extraLines.append("DNSPort ").append(dnsPort).append("\n");
|
||||
|
||||
if (Prefs.useVpn())
|
||||
extraLines.append("DNSListenAddress 0.0.0.0").append('\n');
|
||||
|
||||
if (Prefs.transparentTethering())
|
||||
{
|
||||
extraLines.append("TransListenAddress 0.0.0.0").append('\n');
|
||||
|
|
|
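Review bot: The `DNSListenAddress 0.0.0.0` line under `if (Prefs.useVpn())`, apparently added here, binds Tor's DNS listener to every interface, while the resolver that consumes it is pointed at `127.0.0.1` in OrbotVpnService, so loopback looks sufficient from what is visible. Binding to loopback with `extraLines.append("DNSListenAddress 127.0.0.1").append('\n');`, or dropping the line if Tor's default bind already covers it, keeps the port off Wi-Fi and tethering interfaces. The `if` also has no braces, unlike the `Prefs.transparentTethering()` branch directly below it, which makes it easy to misread if a second statement is added later. The enclosing method starts and ends outside the hunk.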
@ -78,7 +78,9 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
|
|||
private final static boolean mIsLollipop = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP;
|
||||
|
||||
//this is the actual DNS server we talk with over TCP/IP
|
||||
private final static String DEFAULT_ACTUAL_DNS = "8.8.8.8";//use Google here, or 8.8.4.4 as backup?
|
||||
private final static String DEFAULT_ACTUAL_DNS_HOST = "127.0.0.1";//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?
|
||||
private final static int DEFAULT_ACTUAL_DNS_PORT = TorServiceConstants.TOR_DNS_PORT_DEFAULT;
|
||||
|
||||
private boolean isRestart = false;
|
||||
|
||||
|
||||
|
@ -288,7 +290,7 @@ public class OrbotVpnService extends VpnService implements Handler.Callback {
|
|||
}
|
||||
|
||||
//start PDNSD daemon pointing to OpenDNS
|
||||
startDNS(DEFAULT_ACTUAL_DNS,53);
|
||||
startDNS(DEFAULT_ACTUAL_DNS_HOST,DEFAULT_ACTUAL_DNS_PORT);
|
||||
|
||||
final String vpnName = "OrbotVPN";
|
||||
final String localhost = "127.0.0.1";
|
||||
|
|
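Review bot: `DEFAULT_ACTUAL_DNS_PORT` is fixed to `TorServiceConstants.TOR_DNS_PORT_DEFAULT`, whereas TorService writes `DNSPort` from a `dnsPort` variable, so if that value can differ from the default, pdnsd would forward to a port Tor is not listening on and lookups would fail under the VPN. Passing the configured port into `startDNS(...)` would keep the two in step; where `dnsPort` comes from is not visible on this page. The comments are also stale: `//this is the actual DNS server we talk with over TCP/IP`, the trailing `//"8.8.8.8";//use Google here, or 8.8.4.4 as backup?` and `//start PDNSD daemon pointing to OpenDNS` no longer describe a loopback upstream. Something like `// upstream resolver for pdnsd: Tor's DNSPort on loopback, so lookups stay inside Tor` would document why the host must not be changed back to a public resolver.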