Hi, we are trying to figure out the best way to handle DNS requests to both clearnet and Tor onionland, while still having MX lookups working, in order to correctly send emails to clearnet hosts.

Currently we are using just Tor, configured as a transparent proxy and DNS resolver.
This is nice because all DNS requests are done through Tor,
but MX lookups will fail, and for an email provider service, this is a show stopper.

Various online resources suggest using Tor only to resolve onion addresses
and Unbound for all the rest,
but we are having difficulties in configuring Unbound.

This is Debian 7 (wheezy)
and the configuration we are talking about should be something like this:


# cat /etc/unbound/unbound.conf

server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    tcp-upstream: yes
    do-udp: no

domain-insecure: "onion"
private-domain: "onion"
do-not-query-localhost: no

forward-zone:
    name: "onion"
    forward-addr: 127.0.0.1@54



54 is the Tor DNS resolver port.
As you see, we are not Unbound experts, and this configuration does not work.

Can you please supply a minimal Unbound configuration that accepts DNS queries only from localhost
and that routes .onion requests to Tor on port 54?


Thanks for this great project and wish you great holidays!
RuggedInbox team
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
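
An added example, not part of the original message and not the Unbound project's own configuration: a minimal unbound.conf for the setup the post asks for, with the two transport settings from the posted file marked as the weak point. The port (54) and the trust anchor path are taken from the post; the commented-out local-zone line is an assumption that applies only to Unbound releases shipping a built-in "onion." zone.

```conf
# /etc/unbound/unbound.conf  (added example)
server:
    # Listen on loopback only and refuse every other client.
    interface: 127.0.0.1
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow

    # DNSSEC validation for clearnet names, as in the posted configuration.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Weak settings in the posted version, left out here:
    #   tcp-upstream: yes  -> every upstream query, including the forward to
    #                         Tor, is sent over TCP; Tor's DNSPort is UDP only.
    #   do-udp: no         -> Unbound neither answers nor issues UDP queries,
    #                         so local stub resolvers using UDP get no reply.
    do-udp: yes
    do-tcp: yes

    # Permit forwarding to a resolver on 127.0.0.1 (Tor's DNSPort).
    do-not-query-localhost: no

    # Answers for .onion are unsigned; skip validation for that zone only.
    domain-insecure: "onion"
    private-domain: "onion"

    # Assumption: only needed on Unbound releases with a built-in "onion."
    # local zone that answers NXDOMAIN. Uncomment there.
    # local-zone: "onion." nodefault

# Only *.onion is handed to Tor. Everything else (A, AAAA, MX, ...) is
# resolved recursively by Unbound itself.
forward-zone:
    name: "onion"
    forward-addr: 127.0.0.1@54
```

Run `unbound-checkconf` on the file before restarting the daemon. With this split, clearnet lookups (MX included) leave the host directly rather than through Tor, so the names being resolved are visible to the network path and to the authoritative servers.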
