Re: [DNSOP] [internet-drafts@ietf.org: I-D Action: draft-grothoff-iesg-special-use-p2p-names-00.txt]

Patrik Fältström <paf@frobbit.se> Wed, 04 December 2013 03:46 UTC


Btw, I did ask a person working with these things how this is implemented in reality, out in the world, and the following is the response:

> *** At this point I don't think there's a global plugin for all of
> them. The Tails distribution has a nice page explaining how to enforce
> Tor (and I2P) that covers DNS resolution hijacking, HTTP proxying, and
> IP redirection of 127.192.0.0/10 to ensure all traffic not destined to
> the clear Internet goes through Tor and I2P.
> 
> https://tails.boum.org/contribute/design/Tor_enforcement/
> 
> Assuming you have Tor and I2P running, you could declare an HTTP and
> SOCKS proxy on localhost--e.g. using Privoxy, and then configure
> Privoxy to route .i2p to the local I2P resolver (localhost:8887), and
> .onion to the Tor resolver (localhost:9050)
> 
> It works similarly for .bit (Namecoin) or the GNS, but the preferred
> method is via the Name Service Switch because those can and do provide
> different RR types that are not available with the DNS RR types. E.g.,
> for GNUnet you would do:
> 
> # grep hosts /etc/nsswitch.conf
> hosts: files gns [NOTFOUND=return] dns
> 
> You might also need to remove the reverse path filtering on your
> virtual gnunet-dns interface:
> 
> # echo 0 > /proc/sys/net/ipv4/conf/gnunet-dns/rp_filter
> 
> Tor's trac also has an extensive page on DNS resolution alternatives
> and their configuration:
> 
> https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver
> 
> Hope that helps,

   Patrik
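
An added example, not part of the original message and not GNUnet code: a small Python model of how glibc walks the `hosts:` line quoted above, showing that with `[NOTFOUND=return]` a name the gns service reports as not found is never handed on to dns. The per-service statuses are constructed inputs; which status the real gns module returns for a given name is an assumption the message does not settle.

```python
import re

# glibc defaults when a service has no [STATUS=ACTION] override.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(line):
    """Parse an nsswitch.conf 'hosts:' line into [(service, actions), ...]."""
    db, _, spec = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts: line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for item in token[1:-1].split():
            status, _, action = item.lower().partition("=")
            negated = status.startswith("!")
            status = status.lstrip("!")
            if status not in DEFAULTS:
                raise ValueError("unknown status: " + status)
            # [!STATUS=ACTION] applies to every status except STATUS.
            targets = [s for s in DEFAULTS if s != status] if negated else [status]
            for s in targets:
                chain[-1][1][s] = action
    return chain

def services_consulted(chain, statuses):
    """Services queried, in order, for one lookup.

    statuses maps service -> reported status (constructed test input);
    a service not listed is treated as 'unavail'.
    """
    consulted = []
    for service, actions in chain:
        consulted.append(service)
        if actions[statuses.get(service, "unavail")] == "return":
            break  # lookup stops here; later services never see the name
    return consulted

if __name__ == "__main__":
    chain = parse_hosts_line("hosts: files gns [NOTFOUND=return] dns")
    # Constructed case: files and gns both report "not found".
    print(services_consulted(chain, {"files": "notfound", "gns": "notfound"}))
    # Constructed case: gns reports "unavail", so the lookup continues to dns.
    print(services_consulted(chain, {"files": "notfound", "gns": "unavail"}))
```

Running the same model on a line without the bracketed action shows every name that gns does not find being passed to dns, which is the leak the override closes.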