[Tails-dev] network.proxy.socks_remote_dns and localhost

Author: Ague Mill
Date:  
To: tails-dev
Subject: [Tails-dev] network.proxy.socks_remote_dns and localhost

Hi!

Since we now include Torbrowser patches, we gained the
`network.proxy.socks_remote_dns` preference.

It's implemented in:
<https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch>

When this option is true, Firefox will fail every name resolving request
that is not going through a proxy (except when asked the noop that is
resolving an IP address).

`socks_remote_dns` is set to true by Torbutton. This is currently seen as
mandatory: when set to false, Torbutton assumes we are out of "Tor mode"
and displays a broken onion.

This state of affairs currently breaks (at least) two things in Tails
0.14:

* Access to the I2P router console through `http://localhost:7657/`.
* The Monkeysphere extension is not able to connect to the validation
  agent. (This one also requires a new whitelist rule in FoxyProxy
  to fully work again.)

Both can be fixed by using `127.0.0.1` instead of `localhost`. That's
good enough if there's not an army of similar issues behind.

But given that the Tails system resolver is using Tor, this already takes care
of the leaks that `socks_remote_dns` prevents. So we could also modify
Torbutton to think good things about our torified system resolver.

What do you think?

--
Ague
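
An added example, not part of the original message and not Tails, Torbutton or Firefox code: a small audit that models the behaviour described above and flags local-service URLs that would break, proposing the `127.0.0.1` form for `localhost`. The `audit` function, its verdict labels and the bypass list (hosts assumed to be reached without the proxy) are hypothetical; all sample URLs except the I2P console one are constructed.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal, so no name lookup is needed."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(urls, bypass_hosts, socks_remote_dns=True):
    """Return a (url, verdict, suggested_url) tuple for each URL.

    Simplified model of the behaviour described in the message: with
    socks_remote_dns enabled, a name lookup that does not go through
    the proxy fails unless the host is already an IP address.
    """
    bypass = {h.lower().rstrip(".") for h in bypass_hosts}
    results = []
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        if host not in bypass:
            # Request goes through the proxy, which resolves the name.
            results.append((url, "proxied", None))
        elif is_ip_literal(host) or not socks_remote_dns:
            results.append((url, "direct-ok", None))
        else:
            fix = None
            if host == "localhost":
                # The fix named in the message: use the IP literal.
                port = f":{parts.port}" if parts.port else ""
                fix = parts._replace(netloc="127.0.0.1" + port).geturl()
            results.append((url, "direct-blocked", fix))
    return results


if __name__ == "__main__":
    sample = [
        "http://localhost:7657/",   # I2P router console URL from the message
        "http://127.0.0.1:7657/",   # constructed
        "http://[::1]:8080/",       # constructed
        "https://example.org/",     # constructed
    ]
    for row in audit(sample, ["localhost", "127.0.0.1", "::1"]):
        print(row)
```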