On Thu, Mar 28, 2019 at 08:52:57AM -0700, Matthew Finkel wrote:
> On Sunday, March 10, 2019 at 3:24:08 PM UTC, farrilis wrote:
> > Using Qubes 4.0 in Whonix 14 template
> >
> >
> > When using curl, the -x (or --proxy) parameter accepts the address
> > (127.0.0.1:8082) that redirects to Qubes Updates proxy over RPC, and
> > returns what you would expect.
> >
> > But with wget (which I think is a better choice than curl), setting the
> > http_proxy environment variable is needed (according to 'man wget' and
> > web resources)
> >
> >
> > Using the following commands:
> >
> > 'export use_proxy=on'
> > 'export http_proxy=http://127.0.0.1:8082'
> > 'wget https://gitlab.com/repo/filename'
> >
> > produces this output:
> >
> > " Resolving gitlab.com (gitlab.com)... failed: Non-recoverable failure
> > in name resolution.
> > wget: unable to resolve host address 'gitlab.com' "
> >
> >
> > Then try a domain name that does not exist:
> >
> > " Connecting to 127.0.0.1:8082... connected.
> > Proxy request sent, awaiting response... 500 Unable to connect
> > 2019-03-10 15:17:23 ERROR 500: Unable to connect. "
> >
> >
> > What could the problem be? curl can use 127.0.0.1:8082, why not wget?
>
>
> wget leaks dns - by this I mean wget tries resolving the domain name locally
> and then uses the result from that as the destination of the proxied
> connection. If the DNS resolution query fails, then wget gives you that
> error. Curl, in comparison, (correctly) asks the proxy to handle the entire
> connection including the hostname resolution.
>
This isnt the case in buster, where (from my testing) wget honours the
proxy variable and does not attempt local dns lookups.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20190330030200.mah7sjzyltqgvcmf%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.