TeaTastic

[–] TeaTastic@lemmy.world 0 points 2 years ago (1 children)

Routing DNSCrypt through the Tor network should, in theory, anonymize DNS queries. This configuration would result in the DNS resolver observing the IP address of the Tor exit node rather than my actual IP address, thus hiding my identity from the resolver. I'm not sure why the actual request to the site would go to the IP directly.

For implementing DNS over HTTPS (DoH) via Tor, I followed the guidelines from this GitHub repository and translated them into my current approach.

I've gone through DNSCrypt's logs, but nothing really stood out. I'm a bit lost with Wireshark - there's so much data even if I filter it by DNS or Tor Socks Port (From my relay).

While you asked about the basis for my conclusions, it's worth noting that if the Tor proxy were working as intended, I would also anticipate a considerable increase in latency. There's a huge difference when I enter https://one.one.one.one/help/ normally with "Use system proxy settings" in my browser and when I enter it with a "Manual proxy configuration" with the SOCKS Host set up and "Proxy DNS when using SOCKS v5" checked on.

[–] TeaTastic@lemmy.world 0 points 2 years ago (3 children)

It's not hiding my real IP from websites such as https://whatismyipaddress.com/. If it was torified, I'd expect something changing on "am I using Tor" websites as well.

submitted 2 years ago* (last edited 2 years ago) by TeaTastic@lemmy.world to c/nix@programming.dev
 

I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };
  networking = {
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
  };
  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };
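
An added example, not part of the original post and not code from dnscrypt-proxy: one way to check on the host whether the resolver's upstream connections actually go to the Tor SOCKS port set in the configuration above. It assumes the field layout of `ss -Htunp` and the process name `dnscrypt-proxy`; the sample lines are constructed. It inspects only dnscrypt-proxy's own sockets, because the `proxy` setting applies to that daemon's connections.

```shell
#!/bin/sh
# Added example (not from the post): classify dnscrypt-proxy's upstream sockets.
# Live use (root needed to see process names):  ss -Htunp | dns_is_torified
SOCKS_ADDR="127.0.0.1:9050"   # from the post: proxy = "socks5://127.0.0.1:9050"

# stdin: `ss -Htunp` lines; stdout: "TOR <peer>" or "DIRECT <peer>" per socket.
classify_dns_sockets() {
    awk -v socks="$SOCKS_ADDR" '
        $NF !~ /"dnscrypt-proxy"/ { next }   # sockets of other processes
        {
            peer = $(NF-1); laddr = $(NF-2)
            if (peer ~ /:\*$/) next          # unconnected or listening socket
            if (laddr ~ /:53$/) next         # local client talking to the listener
            verdict = (peer == socks) ? "TOR" : "DIRECT"
            print verdict, peer
        }'
}

# 0 = every upstream socket goes to the SOCKS port, 1 = a direct socket was seen,
# 2 = no upstream socket at all (resolve a name and capture again).
dns_is_torified() {
    out=$(classify_dns_sockets)
    [ -n "$out" ] || return 2
    case "$out" in *DIRECT*) return 1 ;; esac
    return 0
}

# Constructed sample captures (documentation addresses, invented PIDs).
SAMPLE_OK='tcp ESTAB 0 0 127.0.0.1:40112 127.0.0.1:9050 users:(("dnscrypt-proxy",pid=901,fd=12))
tcp ESTAB 0 0 127.0.0.1:53 127.0.0.1:38220 users:(("dnscrypt-proxy",pid=901,fd=9))
tcp ESTAB 0 0 192.0.2.10:44002 203.0.113.5:443 users:(("firefox",pid=2201,fd=88))'
SAMPLE_LEAK="$SAMPLE_OK
udp ESTAB 0 0 192.0.2.10:51514 198.51.100.7:443 users:((\"dnscrypt-proxy\",pid=901,fd=13))"

for name in OK LEAK; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | dns_is_torified; then
        echo "$name: resolver traffic only reaches $SOCKS_ADDR"
    else
        echo "$name: resolver socket that bypasses the proxy:"
        printf '%s\n' "$sample" | classify_dns_sockets
    fi
done
```

Sockets of other processes, such as the browser line in the sample, are ignored on purpose, so a clean result here says nothing about how web traffic leaves the machine.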
 

I've been trying to achieve a working mail setup on NixOS by using simple-nixos-mailserver.

  mailserver = {
    enable = true;
    certificateScheme = "acme-nginx";
    enableManageSieve = true;
    fqdn = "email.teatastic.org";
    domains = ["teatastic.org"];
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "no";
        specialUse = "Trash";
      };
    };

    loginAccounts = {
      "user1@teatastic.org" = {
        hashedPasswordFile = config.sops.secrets.password.path;
        aliases = ["postmaster@teatastic.org"];
      };
    };

    fullTextSearch = {
      enable = false;
      enforced = "body";
      indexAttachments = true;
      memoryLimit = 512;
    };

    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    virusScanning = false;
  };
  services.roundcube = {
    enable = true;
    package = pkgs.roundcube.withPlugins (
      plugins: [
        plugins.carddav
        plugins.contextmenu
        plugins.custom_from
        plugins.persistent_login
        plugins.thunderbird_labels
      ]
    );
    plugins = [
      "attachment_reminder" # Roundcube internal plugin
      "carddav"
      "contextmenu"
      "custom_from"
      "managesieve" # Roundcube internal plugin
      "newmail_notifier" # Roundcube internal plugin
      "persistent_login"
      "thunderbird_labels"
      "zipdownload" # Roundcube internal plugin
    ];
    #dicts = with pkgs.aspellDicts; [en];
    hostName = config.mailserver.fqdn;
    maxAttachmentSize = 100;
    extraConfig = ''
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "user1@teatastic.org";
  };
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      25 587 143 993 110 995 # Email
      80 # Nginx
    ];
  };

I'm logging in through Roundcube, which works as expected. However, when I get to the point of composing an email to somebody, it just starts a "Sending message..." loop without actually sending anything.

I've forwarded the aforementioned ports on my router, yet it fails.