Whonix

Jump to: navigation, search

Whonix-Gateway System DNS

This page contains changes which are not marked for translation.

Random News:

Join us testing new AppArmor profiles for improved security! (forum discussion)

DNS on Whonix-Gateway[edit]

Advanced users only!
Usually recommended against and unnecessary.

All traffic from Whonix-Workstation and Whonix-Gateway is routed over Tor. [1] [2] [3] [4]

Whonix-Workstation is configured to use various SocksPorts, DnsPort and TransPort, see also Stream Isolation. Whonix-Gateway is only configured to use various SocksPorts. A global system DNS resolver isn't required for Whonix-Gateway for anything. (Except, resolving the hostname of a proxy used in /etc/tor/torrc through Tor would be useful.)

Working. Using Whonix-Gateway's user clearnet.

Whonix first time users warning
Using the clearnet user, traffic will be sent over normal internet! Not over Tor! Will not be anonymous!

Explanation:
http://sourceforge.net/p/whonix/discussion/general/thread/41116dda/ 

sudo chmod -x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
sudo chattr -i /etc/resolv.conf
sudo rm /etc/resolv.conf
sudo service networking restart
sudo su clearnet
ping google.com
# working

See Also[edit]

Footnotes[edit]

  1. Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
  2. To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
  3. For your interest: if you were to change DNS settings on Whonix-Gateway in /etc/resolv.conf, this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see Stream Isolation).
  4. Whonix-Workstation's default applications are configured to use separate Tor SocksPort's (see Stream Isolation), thus not using the system's default DNS resolver. Any applications on Whonix-Workstation, not configured for stream isolation (for example nslookup), will use the default DNS server configured in Whonix-Workstation in /etc/network/interfaces, which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's /etc/resolv.conf does not affect Whonix-Workstation's DNS requests.

Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.

Retrieved from ‘https://www.whonix.org/w/index.php?title=Whonix-Gateway_System_DNS&oldid=7468