Interesting... I just did a test. As root I watched udp traffic using "tcpdump -i eth0 -net -s 65535 udp and host 192.168.XX.XX" and didn't see any DNS request when I used "proxychains firefox http://check.torproject.org"
I did see this in the terminal that I launched proxychains from. " bu...@janus-dev-vm:~$ proxychains firefox http://check.torproject.org ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| check.torproject.org |S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK |DNS-response| check.torproject.org is 209.237.247.84 |S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK " Also worth mentioning, at the end of the default proxychains.conf file is: " # defaults set to "tor" socks5 127.0.0.1 9050 " Perhaps the author did have Tor in mind? When I ran firefox without proxychains, I then say DNS request with tcpdump, as expected. Hrm....I think it's working. If I'm wrong, could someone point out the flaw in my testing method? Thanks! - Kyle On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <[email protected]> wrote: > On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote: > > Are you saying that the "proxy_dns" option in the proxychains.conf is in > > fact leaking DNS request?from the proxychains.conf file: > > " > > # Proxy DNS requests - no leak for DNS data > > proxy_dns > > " > > > > I thought it would resolve against the specified SOCKS 4/5 proxy. Is > this > > not happening? > > Socks doesn't have a notion of resolving. It only has a notion of > connecting (well, and binding, but we don't use that). > > We hacked on our own notion of a 'resolve' socks request: > https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt > and I'd be surprised if any other projects use our extension. > > --Roger > >

