Whonix-Gateway System DNS
DNS on Whonix-Gateway
Advanced users only!
Usually recommended against and unnecessary.
Whonix-Workstation is configured to use various SocksPorts, DnsPort and TransPort; see also Stream Isolation. Whonix-Gateway is only configured to use various SocksPorts. No common use case on Whonix-Gateway requires a global system DNS resolver, so there is no justification for enabling one by default. Use cases where this could be useful include:
- resolving the hostname of a proxy used in /etc/tor/torrc through Tor (technical explanation)
- resolving the hostname of a VPN. However, a VPN configuration that uses IP addresses only would be better.
- Perhaps we could use /etc/hosts for such use cases rather than enabling system DNS?
Working. Using Whonix-Gateway's user clearnet.
Using the clearnet user, traffic will be sent over normal internet! Not over Tor! Will not be anonymous!
Disable /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate by making it no longer executable so DHCP will write to /etc/resolv.conf
sudo chmod -x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
Make /etc/resolv.conf mutable. Don't worry if the next command causes an error. It's not required anymore in recent Whonix versions.
sudo chattr -i /etc/resolv.conf
Delete /etc/resolv.conf so we can regenerate it.
sudo rm /etc/resolv.conf
sudo service networking restart
Login as user clearnet.
sudo su clearnet
Test it, for example using ping.
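The following added example (not part of the original page and not Whonix code) reports which of the steps above are currently in effect, by checking whether the nodnsupdate hook is executable and whether /etc/resolv.conf lists a nameserver. The function names and the state words blocked, partial and enabled are made up for this example.

```shell
#!/bin/sh
# Added example, not Whonix code. Default paths are the two files named in the
# steps above; pass other paths to try it on constructed files.

# Print the resolver addresses listed in a resolv.conf (nothing if unreadable).
nameservers() {
    if [ -r "$1" ]; then
        awk '$1 == "nameserver" { print $2 }' "$1"
    fi
}

# Print one word describing how far the procedure has been applied:
#   blocked  hook executable, no nameserver configured
#   enabled  hook not executable (or absent) and a nameserver is configured
#   partial  only one of the two holds, e.g. chmod done but networking
#            not restarted yet, or a nameserver left behind after re-enabling
dns_state() {
    hook=${1:-/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate}
    resolv=${2:-/etc/resolv.conf}
    count=$(nameservers "$resolv" | awk 'END { print NR }')
    if [ -x "$hook" ] && [ "$count" -eq 0 ]; then
        echo blocked
    elif [ ! -x "$hook" ] && [ "$count" -gt 0 ]; then
        echo enabled
    else
        echo partial
    fi
}

# Stand-alone run: report the state and the resolvers that lookups made by
# user clearnet would be sent to.
state=$(dns_state "$@")
echo "system DNS state: $state"
nameservers "${2:-/etc/resolv.conf}" | sed 's/^/  nameserver /'
```

Run it without arguments on Whonix-Gateway; a result of enabled or partial after you have finished testing means the changes are still in place.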
- Since Whonix 0.2.1, Whonix-Gateway traffic is also routed over Tor. In this way, use of Whonix is hidden from persons or systems observing the network.
- To preserve the anonymity of a user's Whonix-Workstation activities, it is not necessary to torify Whonix-Gateway's own traffic.
- For reader interest: If DNS settings on Whonix-Gateway are changed in , this only affects Whonix-Gateway's own DNS requests issued by applications using the system's default DNS resolver. By default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway that issue network traffic (apt-get, whonixcheck, timesync) are explicitly configured, or forced by uwt wrappers, to use their own Tor SocksPort (see Stream Isolation).
- Whonix-Workstation's default applications are configured to use separate Tor SocksPorts (see Stream Isolation), thereby not using the system's default DNS resolver. Any applications in Whonix-Workstation that are not configured for stream isolation - for example - will use the default DNS server configured in Whonix-Workstation (via ), which is the Whonix-Gateway. Those DNS requests are redirected to Tor's DnsPort by Whonix-Gateway's firewall. Whonix-Gateway's does not affect Whonix-Workstation's DNS requests.
Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself.