I'm trying to add tor support to a system that uses systemd for network configuration. I have configured tor to listen for local DNS queries on 127.0.0.2. Now I'd like systemd-resolved to resolve queries that end in ".onion" to go to that DNS server. See what I've tried:
02-08 05:59:39 daurnimator@daurn-vultr /etc/systemd/network $ cat tor.network
[Match]
Name=lo

[Network]
DNS=127.0.0.2
Domains=~onion
02-08 06:00:23 daurnimator@daurn-vultr /etc/systemd/network $ dig @127.0.0.2 frxleqtzgvwkv7oz.onion

; <<>> DiG 9.11.0-P2 <<>> @127.0.0.2 frxleqtzgvwkv7oz.onion
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;frxleqtzgvwkv7oz.onion. IN A

;; ANSWER SECTION:
frxleqtzgvwkv7oz.onion. 60 IN A 127.192.40.24

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Wed Feb 08 06:00:28 UTC 2017
;; MSG SIZE rcvd: 56

02-08 06:00:28 daurnimator@daurn-vultr /etc/systemd/network $ dig @127.0.0.53 frxleqtzgvwkv7oz.onion

; <<>> DiG 9.11.0-P2 <<>> @127.0.0.53 frxleqtzgvwkv7oz.onion
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;frxleqtzgvwkv7oz.onion. IN A

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Feb 08 06:00:31 UTC 2017
;; MSG SIZE rcvd: 51

02-08 06:00:31 daurnimator@daurn-vultr /etc/systemd/network $ sudo systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2017-02-08 05:52:04 UTC; 9min ago
     Docs: man:systemd-resolved.service(8)
           http://www.freedesktop.org/wiki/Software/systemd/resolved
           http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
           http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 Main PID: 29816 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
           └─29816 /usr/lib/systemd/systemd-resolved

Feb 08 05:52:03 daurn-vultr systemd[1]: Starting Network Name Resolution...
Feb 08 05:52:04 daurn-vultr systemd-resolved[29816]: Positive Trust Anchors:
Feb 08 05:52:04 daurn-vultr systemd-resolved[29816]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Feb 08 05:52:04 daurn-vultr systemd-resolved[29816]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21
Feb 08 05:52:04 daurn-vultr systemd-resolved[29816]: Using system hostname 'daurn-vultr'.
Feb 08 05:52:04 daurn-vultr systemd[1]: Started Network Name Resolution.
Feb 08 05:52:06 daurn-vultr systemd-resolved[29816]: Switching to DNS server 108.61.10.10 for interface ens3.
Feb 08 06:00:31 daurn-vultr systemd-resolved[29816]: Processing query...

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel