Whonix-Gateway System DNS
From Whonix
DNS on Whonix-Gateway ™[edit]
Introduction[edit]
Whonix-Workstation ™ is configured to use various SocksPorts, DnsPort and TransPort, see also Stream Isolation.
Whonix-Gateway ™ is only configured to use various SocksPorts. A global system DNS resolver is not required for Whonix-Gateway ™ for any common use case to justify enabling it by default. Use cases where this could be useful include:
- resolving the hostname of a proxy used in
/usr/local/etc/torrc.d/50_user.confthrough Tor would be useful (technical explanation [archive]) - resolving the hostname of a VPN. But then using a VPN configuration using IPs only would be better.
- Perhaps we could use
/etc/hostsfor such use cases rather than enabling system DNS?
How[edit]
Advanced users only!
Usually recommended against and unnecessary.
Working. Using Whonix-Gateway ™ user clearnet.
Using the clearnet user, traffic will be sent over normal internet! Not over Tor! Will not be anonymous!
Disable /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate by making it no longer executable so DHCP will write to /etc/resolv.conf. The following command only applies to older versions of Whonix or those who have package anon-gw-dhcp-conf installed.
sudo chmod -x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
Make /etc/resov.conf mutable. Don't worry if the next command causes an error. It's not required anymore in recent Whonix ™ versions.
sudo chattr -i /etc/resolv.conf
Delete /etc/resolv.conf so we can regenerate it.
sudo rm /etc/resolv.conf
Restart networking.
sudo service networking restart
Login as user clearnet.
sudo su clearnet
Test it, for example using ping.
ping google.com
See Also[edit]
Footnotes[edit]
- ↑ Since Whonix 0.2.1, Whonix-Gateway ™ traffic is also routed over Tor. In this way, use of Whonix is hidden from persons or systems observing the network.
- ↑ To preserve the anonymity of a user's Whonix-Workstation ™ activities, it is not necessary to torify Whonix-Gateway ™ own traffic.
- ↑
For reader interest: If DNS settings on Whonix-Gateway ™ are changed in
/etc/resolv.conf, this only affects Whonix-Gateway ™ own DNS requests issued by applications using the system's default DNS resolver. By default, no applications issuing network traffic on Whonix-Gateway ™ use the system's default DNS resolver. All applications installed by default on Whonix-Gateway ™ that issue network traffic (apt-get, whonixcheck, sdwdate) are explicitly configured, or forced by uwt wrappers, to use their own TorSocksPort(see Stream Isolation). - ↑
Whonix-Workstation ™ default applications are configured to use separate Tor
SocksPorts(see Stream Isolation), thereby not using the system's default DNS resolver. Any applications in Whonix-Workstation ™ that are not configured for stream isolation - for examplenslookup- will use the default DNS server configured in Whonix-Workstation ™ (via/etc/network/interfaces), which is the Whonix-Gateway ™. Those DNS requests are redirected to Tor's DnsPort by Whonix-Gateway ™ firewall. Whonix-Gateway ™/etc/resolv.confdoes not affect Whonix-Workstation ™ DNS requests.
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Join us in testing our new AppArmor profiles [archive] for improved security! (forum discussion [archive])
https [archive] | (forcing) onion [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.