On Thu, Mar 28, 2019 at 08:52:57AM -0700, Matthew Finkel wrote: > On Sunday, March 10, 2019 at 3:24:08 PM UTC, farrilis wrote: > > Using Qubes 4.0 in Whonix 14 template > > > > > > When using curl, the -x (or --proxy) parameter accepts the address > > (127.0.0.1:8082) that redirects to Qubes Updates proxy over RPC, and > > returns what you would expect. > > > > But with wget (which I think is a better choice than curl), setting the > > http_proxy environment variable is needed (according to 'man wget' and > > web resources) > > > > > > Using the following commands: > > > > 'export use_proxy=on' > > 'export http_proxy=http://127.0.0.1:8082' > > 'wget https://gitlab.com/repo/filename' > > > > produces this output: > > > > " Resolving gitlab.com (gitlab.com)... failed: Non-recoverable failure > > in name resolution. > > wget: unable to resolve host address 'gitlab.com' " > > > > > > Then try a domain name that does not exist: > > > > " Connecting to 127.0.0.1:8082... connected. > > Proxy request sent, awaiting response... 500 Unable to connect > > 2019-03-10 15:17:23 ERROR 500: Unable to connect. " > > > > > > What could the problem be? curl can use 127.0.0.1:8082, why not wget? > > > wget leaks dns - by this I mean wget tries resolving the domain name locally > and then uses the result from that as the destination of the proxied > connection. If the DNS resolution query fails, then wget gives you that > error. Curl, in comparison, (correctly) asks the proxy to handle the entire > connection including the hostname resolution. >
This isnt the case in buster, where (from my testing) wget honours the proxy variable and does not attempt local dns lookups. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190330030200.mah7sjzyltqgvcmf%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
