various torsocks/ttdnsd errors and discrepancies
For the past two weeks I have been trying to integrate the ttdnsd/torsocks combo into my system, allowing for proper DNS resolution to take place over Tor - all this was prompted by my report on bug legacy/trac#7797. Unfortunately, I've hit a brick wall.
In a nutshell, I have found a few discrepancies/errors in both torsocks and ttdnsd and I also have a problem trying to force torsocks to talk to tor.
Since in the "Component" section on this report form there is no place to select ttdnsd, I am doing this report for torsocks, as well as ttdnsd.
1. Torsocks config file environment variable: ttdnsd expects that to be defined in TSOCKS_CONF_FILE, while torsocks also has 2 different definitions of it: TORSOCKS_CONFFILE (torsocks.8) and TORSOCKS_CONF_FILE (the binary .so file). The latter, when specified, works.
Also, that environment variable is only honoured BEFORE chroot (so the full path to this file MUST be specified) - something not mentioned in either the torsocks or ttdnsd man pages.
2. Even though I am using all 3 environment variables, pointing to the right torsocks.conf file, I still can't make it work. Here is my config:
```
torsocks.conf
=============
local = 127.0.0.0/255.0.0.0
local = 10.0.0.0/255.0.0.0
server = 127.0.0.1
server_port = 19050

ttdnsd.conf
===========
8.8.8.8

torrc (relevant parts only are included)
========================================
SocksPort 19050
SocksListenAddress 127.0.0.1:19050
DNSPort 53
DNSListenAddress 127.0.0.3:53
SocksPolicy accept 127.0.0.1:* # localhost
SocksPolicy accept 127.0.0.2:* # localhost
SocksPolicy accept 127.0.0.3:* # localhost
SocksPolicy accept 10.0.0.0/8:*
SocksPolicy reject *:*
```
My tor proxy service is running on 127.0.0.1:19050. TTDNSD is running on 127.0.0.2:53, while tor's own DNS is running on 127.0.0.3:53.
When not using TORSOCKS_DEBUG during ttdnsd start, after the initial setup I get the following message when a DNS request is sent to ttdnsd from the command line (using dig):
```
07:37:32 libtorsocks(2507): Call to connect received on completed request 4
07:37:32 libtorsocks(2507): sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
```
When TORSOCKS_DEBUG=1 is used, I get this:
```
libtorsocks: Got connection request
libtorsocks: Intercepted call to getpeername
libtorsocks: Intercepted call to poll
libtorsocks: Intercepted call to poll
libtorsocks: Got connection request
libtorsocks: Call to connect received on completed request 4
libtorsocks: Got sendto request
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
libtorsocks: Got sendto request
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
[...ad nauseam...]
```
When I increase the debug level (TORSOCKS_DEBUG=255) I get a different message, though the effect is the same:
```
07:40:43 libtorsocks(2611): No requests waiting, calling real close
07:40:43 libtorsocks(2611): No requests waiting, calling real close
07:41:01 libtorsocks(2611): Got connection request
07:41:01 libtorsocks(2611): sin_family: 2
07:41:01 libtorsocks(2611): sockopt: 1
07:41:01 libtorsocks(2611): checking if address: 8.8.8.8 is local
07:41:01 libtorsocks(2611): localnet addr: 255.255.0.0
07:41:01 libtorsocks(2611): localip addr: 192.168.0.0
[...]
07:41:01 libtorsocks(2611): address: 8.8.8.8 is not local
07:41:01 libtorsocks(2611): Intercepted call to getpeername
07:41:01 libtorsocks(2611): Call to getpeername for fd 4
07:41:01 libtorsocks(2611): Got connection request for socket 4 to 8.8.8.8
07:41:01 libtorsocks(2611): Picking appropriate server for 8.8.8.8
07:41:01 libtorsocks(2611): Picked server 127.0.0.1 for connection
07:41:01 libtorsocks(2611): checking if address: 127.0.0.1 is local
[...]
07:41:01 libtorsocks(2611): address: 127.0.0.0 is local
07:41:01 libtorsocks(2611): Beginning handle loop for socket 4
07:41:01 libtorsocks(2611): In request handle loop for socket 4, current state of request is 0
07:41:01 libtorsocks(2611): Connecting to 127.0.0.1 port 19050
07:41:01 libtorsocks(2611): Connect returned -1, errno is 115
07:41:01 libtorsocks(2611): Error 2 attempting to connect to SOCKS server (No such file or directory)
07:41:01 libtorsocks(2611): Handle loop completed for socket 4 in state 14, returning 2
connect status: No such file or directory
We've loaded 8.8.8.8 as a nameserver.
1 nameservers loaded
tsocks_conf: torsocks.conf
log init...
log file opened: ttdnsd.log
log file opened as fd: 4
duping fds... check ttdnsd.log from here on out...
dup2 says: 1
dup2 says: 2
closing original fd: 4...
starting server...
watching 1 file descriptors
1 file descriptors became ready
received request of 37 bytes, id = 4927
adding new request (id=4927)
new request added at pos: 436
using request slot 436
updating id: 16147
selecting peer
peer selected: -1
connecting to 8.8.8.8 on port 53
watching 2 file descriptors
1 file descriptors became ready
peer 8.8.8.8 in bad state 0
watching 2 file descriptors
1 file descriptors became ready
peer 8.8.8.8 in bad state 0
watching 2 file descriptors
[...ad nauseam...]
```
I have absolutely no idea what the above errors mean exactly!
The connection attempts were made from 127.0.0.1:XXXXX (dig) to 127.0.0.2:53 (ttdnsd) using UDP, and then I could see from /proc/net/nf_conntrack that a separate connection was indeed made (status is ASSURED) to the tor proxy (127.0.0.1:19050) from torsocks (127.0.0.2:XXXXX) using TCP.
**Trac**:
**Username**: mr-4
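
A small triage script for the libtorsocks debug output quoted in this report, added here as an illustration; it is not part of the original report or of torsocks/ttdnsd. The `triage` function, its field names and the two-entry Linux errno table are assumptions of this example, and the sample lines are copied from the logs above.

```python
import re
from collections import Counter

# Linux errno values seen in the log above (numbers differ on other platforms).
LINUX_ERRNO = {2: "ENOENT", 115: "EINPROGRESS"}

# Matches both forms in the report: "07:41:01 libtorsocks(2611): msg" and "libtorsocks: msg".
LINE_RE = re.compile(r"^(?:(\d\d:\d\d:\d\d) )?libtorsocks(?:\((\d+)\))?: (.*)$")

# Lines copied from the report's TORSOCKS_DEBUG output.
SAMPLE = """\
07:41:01 libtorsocks(2611): Got connection request for socket 4 to 8.8.8.8
07:41:01 libtorsocks(2611): Connecting to 127.0.0.1 port 19050
07:41:01 libtorsocks(2611): Connect returned -1, errno is 115
07:41:01 libtorsocks(2611): Error 2 attempting to connect to SOCKS server (No such file or directory)
connect status: No such file or directory
libtorsocks: Got sendto request
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
"""

def errno_name(n):
    return LINUX_ERRNO.get(n, "errno %d" % n)

def triage(text):
    """Summarise libtorsocks debug output; non-libtorsocks lines are skipped."""
    out = {"socks_server": None, "destinations": [], "connect_errno": [],
           "socks_errors": [], "rejected": Counter()}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ttdnsd's own output, elisions, blank lines
        msg = m.group(3)
        if (d := re.match(r"Got connection request for socket \d+ to (\S+)", msg)):
            out["destinations"].append(d.group(1))
        elif (s := re.match(r"Connecting to (\S+) port (\d+)", msg)):
            out["socks_server"] = (s.group(1), int(s.group(2)))
        elif (c := re.match(r"Connect returned -?\d+, errno is (\d+)", msg)):
            out["connect_errno"].append(errno_name(int(c.group(1))))
        elif (e := re.match(r"Error (\d+) attempting to connect to SOCKS server", msg)):
            out["socks_errors"].append(errno_name(int(e.group(1))))
        elif (r := re.match(r"(\w+): Connection is a UDP or ICMP stream", msg)):
            out["rejected"][r.group(1)] += 1  # call refused as a possible leak
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

On Linux, errno 115 (EINPROGRESS) is the value `connect()` returns on a non-blocking socket while the connection is still being established, and errno 2 is ENOENT, the source of the "No such file or directory" text.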