Jump to: navigation, search

Whonix-Gateway System DNS

This page contains changes which are not marked for translation.

Random News:

Check out Whonix blog.

DNS on Whonix-Gateway[edit]


Advanced users only!
Usually recommended against and unnecessary.

All traffic from Whonix-Workstation and Whonix-Gateway is routed over Tor. [1] [2] [3] [4]

Whonix-Workstation is configured to use various SocksPorts, DnsPort and TransPort, see also Stream Isolation. Whonix-Gateway is only configured to use various SocksPorts. A global system DNS resolver isn't required for Whonix-Gateway for anything. (Except, resolving the hostname of a proxy used in /etc/tor/torrc through Tor would be useful.) (technical explanation)


Working. Using Whonix-Gateway's user clearnet.

sudo chmod -x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
sudo chattr -i /etc/resolv.conf
sudo rm /etc/resolv.conf
sudo service networking restart
sudo su clearnet
ping google.com
# working

See Also[edit]


  1. Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
  2. To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
  3. For your interest: if you were to change DNS settings on Whonix-Gateway in /etc/resolv.conf, this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see Stream Isolation).
  4. Whonix-Workstation's default applications are configured to use separate Tor SocksPort's (see Stream Isolation), thus not using the system's default DNS resolver. Any applications on Whonix-Workstation, not configured for stream isolation (for example nslookup), will use the default DNS server configured in Whonix-Workstation in /etc/network/interfaces, which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's /etc/resolv.conf does not affect Whonix-Workstation's DNS requests.

Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.