this post was submitted on 04 Sep 2024
5 points (85.7% liked)

Unofficial Tor Community

167 readers
1 users here now

Link to tor project (they made the icon I grabbed, and tor itself of course): https://www.torproject.org/

This is a community to discuss the tor project and your experience with tor, tor browser, etc.

Rules are generally: be nice, don't be bigoted, etc.

Only seems fair that an infosec instance should have a community about one of the most well known anonymity tools :)

founded 1 year ago
MODERATORS
 

To do an MX lookup over Tor, this command has worked for me for years:

$ torsocks dig @"$dns_server" -t mx -q "$email_domain" +noclass +nocomments +nostats +short +tcp +nosearch

In the past week or so it just hangs. My first thought was the DNS server I chose (8.8.8.8) started blocking tor. But in fact it does not matter what DNS server is queried. The whole Tor network is apparently blocking tor users from doing MX lookups.

Also notable that dig hangs forever. It does not timeout despite a default timeout interval of 5 seconds (according to the man page).

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (1 children)

Which torsocks version? Yours is probably newer than mine. It seems to be a problem with torsocks 2.3.0 and only with dig. And indeed there is nothing wrong at the network level because I was able to do an MX lookup over tor using a different method than torsocks. I'm also able to use other apps with torsocks, just not dig all of the sudden.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

I'm using Torsocks 2.3.0 and DiG 9.20.1

It could be the exit node that you're using perhaps? Maybe you could try specifying a different exit node and trying again. Also check exit node policies to make sure DNS is allowed, although as your problem only seems to be with MX records then that might not be the cause.

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago)

Exit nodes are temporary unless you deliberately pin them for a particular connection, which I have not done for the DNS servers. The problem manifests without exception for weeks now, so it could not be attributed to a bad exit node. The tor microdescriptor db tracks the perms of every node, so I don’t think it would create a circuit for disallowed traffic. There could be an inconsistency between the microdesc and reality, but it would have to be a replicated inconsistency for every connection attempted with torsocks and yet not replicated on any connection made using the torsocks alternative (which works).