Whonix-Gateway System DNS
DNS on Whonix-Gateway
Advanced users only!
Usually recommended against and unnecessary.
Whonix-Workstation is configured to use various SocksPorts, DnsPort and TransPort, see also Stream Isolation. Whonix-Gateway is only configured to use various SocksPorts. A global system DNS resolver isn't required for Whonix-Gateway for anything. (Except, resolving the hostname of a proxy used in /etc/tor/torrc through Tor would be useful.) (technical explanation)
Working. Using Whonix-Gateway's user clearnet.
|Using the clearnet user, traffic will be sent over normal internet! Not over Tor! Will not be anonymous!|
sudo chmod -x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
sudo chattr -i /etc/resolv.conf
sudo rm /etc/resolv.conf
sudo service networking restart
sudo su clearnet
Test it, for example using ping.
- Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
- To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
- For your interest: if you were to change DNS settings on Whonix-Gateway in Stream Isolation). , this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see
- Whonix-Workstation's default applications are configured to use separate Tor SocksPort's (see Stream Isolation), thus not using the system's default DNS resolver. Any applications on Whonix-Workstation, not configured for stream isolation (for example ), will use the default DNS server configured in Whonix-Workstation in , which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's does not affect Whonix-Workstation's DNS requests.
Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.