routing .onion into tor using the unbound.conf

The TorPSYC Team 2013-10-13 21:38:45 +02:00
parent 8fc74212f6
commit ec6ccbfc4f
2 changed files with 24 additions and 2 deletions


@ -376,7 +376,7 @@ X
$torify = "torsocks"; $torify = "torsocks";
say "Enabling PSYC federation over Tor: Using " say "Enabling PSYC federation over Tor: Using "
. "torsocks wrapper around psyced.\n"; . "torsocks wrapper around psyced.\n";
say "Warning: It will probably not function.\n" say "Warning: Maybe, if you install unbound.conf, it actually works.\n"
} }
} }
## ldmud bug number two ## ldmud bug number two
@ -617,6 +617,8 @@ test -x $base/bin/psyced || exit 0
case "\$1" in case "\$1" in
start) start)
echo -n "Starting psyced in background ... " echo -n "Starting psyced in background ... "
# route .onion addresses through Tor
iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040
# in nei's environment a zsh would be started to execute the # in nei's environment a zsh would be started to execute the
# psyced script. so he suggests to add a -s parameter. in our # psyced script. so he suggests to add a -s parameter. in our
# environment both strategies work. # environment both strategies work.
@ -688,7 +690,10 @@ X
ControlSocket $base/var/tor/.control ControlSocket $base/var/tor/.control
DataDirectory $base/var/tor DataDirectory $base/var/tor
TransPort 9040
SocksPort 9050 SocksPort 9050
DNSPort 9053
AutomapHostsOnResolve 1
HiddenServiceDir $base/etc/tor/.onion HiddenServiceDir $base/etc/tor/.onion
X X
@ -703,7 +708,6 @@ X
#ControlPort 9051 #ControlPort 9051
#Log notice stdout #Log notice stdout
#DirReqStatistics 0 #DirReqStatistics 0
#DNSPort 127.0.0.1:5353
#SafeSocks 1 #SafeSocks 1
X X
print O <<X if $c{_optional_tor_nodes_entry}; print O <<X if $c{_optional_tor_nodes_entry};
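Review bot: The `iptables -t nat -A OUTPUT ...` line added to the `start)` branch appends a fresh NAT rule on every start, and nothing visible removes it, so restarts pile up duplicates and the redirect stays in place after psyced stops. Guard the append with a check, `iptables -t nat -C OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040 2>/dev/null || iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040`, and add the matching `-D` to the stop branch; the `case` statement continues outside this hunk, so that branch is not visible here. The command's exit status is also ignored, so a start without the privileges to change the nat table will presumably print the usual "Starting psyced" line while .onion routing is silently absent. Finally, 127.192.0.0/10 is Tor's default automap range, but the torrc hunk only sets `AutomapHostsOnResolve 1`; writing `VirtualAddrNetworkIPv4 127.192.0.0/10` next to it would keep the firewall rule and the Tor configuration visibly in step.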

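--- a/tor/unbound.conf
+++ b/tor/unbound.conf
@@ -0,0 +1,18 @@
+# tell a localhost "unbound" DNS server to
+# forward .onion requests into Tor
+# courtesy of tg of secushare.org
+#
+# see the unbound.conf(5) man page for more.
+server:
+# The following line will configure unbound to perform cryptographic
+# DNSSEC validation using the root trust anchor.
+auto-trust-anchor-file: "/var/lib/unbound/root.key"
+do-not-query-localhost: no
+harden-dnssec-stripped: no
+private-domain: "onion"
+forward-zone:
+name: "onion"
+forward-addr: 127.0.0.1@9053
+forward-first: no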
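Review bot: `harden-dnssec-stripped: no` sits in the global `server:` clause, so it relaxes the protection against stripped DNSSEC data for every zone this resolver answers, not only for .onion, which works against the trust-anchor comment two lines above it. Scoping the exemption with `domain-insecure: "onion"` and leaving `harden-dnssec-stripped` at its default should keep validation strict for all other names while still letting the Tor forwarder's unsigned answers through. `private-domain: "onion"` only takes effect when `private-address` entries are configured, and none appear in this file, so it may be a no-op as written. A one-line comment on `do-not-query-localhost: no`, such as `# required so unbound may forward to Tor's DNSPort on 127.0.0.1`, would explain why that safety default is switched off.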