I found it interesting to allow the user to choose the DNS server. I have had problems bypassing captchas with my slow connection, and the Uncensored DNS seems to fix that.
An option to allow users to choose their DNS servers, even if it disables the normal Tor DNSPort and hidden services, would be useful.
DNS over TCP has been supported by Linux since 2015-05-07: https://web.archive.org/web/20150518063349/http://man7.org:80/linux/man-pages/man5/resolv.conf.5.html
All that is needed is TCP support by the resolver. I tested many from this list: https://www.publicdns.xyz/
^^ ~ 95% of them work well with TCP; it wasn't the same 5 years ago, as most DNS servers didn't support TCP DNS.
I was having trouble with that annoying "Google captcha" when browsing with Firefox in orjail, and after tests with some DNS servers I realized that DNS resolvers were the cause, perhaps because Tor changes the resolvers often in the middle of some accesses. The most stable DNS resolvers I found are anycast.censurfridns.dk (91.239.100.100 | 2001:67c:28a4::) and unicast.censurfridns.dk (89.233.43.71 | 2a01:3a0:53:53::); I didn't get any errors.
The trick is easy, /etc/resolv.conf (or /etc/netns/namespace/resolv.conf) should be:
options use-vc
nameserver <some_server>
Testing with orjail:
sudo orjail -s
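# Write through "sudo tee": with "sudo echo ... > file" the redirect runs as the calling user, not as root
printf 'options use-vc\nnameserver 89.233.43.71\n' | sudo tee /etc/resolv.conf > /dev/null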
dig +tcp github.com | grep 'SERVER:'
curl ifconfig.me
^^ Works well, and should be the same with any transparent proxy as long as TCP port 53 is unblocked by the upstream server. The only disadvantage is that .onion sites will not be reachable with this scheme.
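The two checks from the post can be repeated without dig. This is an added example, not part of the original issue or of orjail: `forces_tcp` confirms that a resolv.conf (for instance the one under /etc/netns/) sets `options use-vc`, and `probe_tcp` sends one length-prefixed DNS query to a resolver over TCP only. All function names are this example's own, and the sample file is constructed from the values in the post.

```python
import socket
import struct
import sys

# Constructed sample: the resolv.conf contents from the post above.
SAMPLE_RESOLV_CONF = "options use-vc\nnameserver 89.233.43.71\n"

def forces_tcp(resolv_conf_text):
    """True if 'options use-vc' is set and at least one nameserver is listed."""
    use_vc = has_ns = False
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] == "options" and "use-vc" in fields[1:]:
            use_vc = True
        elif fields[0] == "nameserver" and len(fields) > 1:
            has_ns = True
    return use_vc and has_ns

def build_query(name, qid=0x1234):
    """A-record query: 12-byte header (RD set, one question), QNAME, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_reply(reply, qid=0x1234):
    """Return (rcode, answer_count); reject replies that do not match the query."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit not set
        raise ValueError("reply does not match the query")
    return flags & 0x000F, ancount

def probe_tcp(server, name="example.com", port=53, timeout=10.0):
    """Send one query over TCP (2-byte length prefix per message) and parse the reply."""
    query = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        with sock.makefile("rb") as stream:  # buffered read: exactly n bytes unless EOF
            (length,) = struct.unpack("!H", stream.read(2))
            return parse_reply(stream.read(length))

if __name__ == "__main__":
    print("forces TCP:", forces_tcp(SAMPLE_RESOLV_CONF))
    for server in sys.argv[1:]:  # resolver addresses to probe, given on the command line
        print(server, probe_tcp(server))
```

An rcode of 0 with a non-zero answer count means the resolver answered over TCP; a connection error or timeout means TCP port 53 is closed or filtered on that path.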