author: anonym <> 2018-01-26 12:00:45 +0100
committer: anonym <> 2018-01-26 12:16:49 +0100
commit: c44a41a5cb49c76f2d08cd478fe566edb09f2ac7
parent: a993d3eb30f88bf0a7a085db7e63653979846502
Design: document tor's new DNS configuration.
Will-fix: #8775
2 files changed, 27 insertions, 8 deletions
diff --git a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
index 079910d..fce8643 100644
--- a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
+++ b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn
@@ -15,15 +15,29 @@ Tails also forbids DNS queries to RFC1918 addresses; those might
indeed allow the system to learn the local network's public IP
-An exception to the above DNS configuration is the `clearnet` user
-used to run the [[contribute/design/Unsafe_Browser]], which uses the
-DNS server provided for DHCP for resolving.
`resolv.conf` is configured to point to the Tor DNS resolver, and <span
class="application">NetworkManager<span> and `dhclient` are configured
not to manage `resolv.conf` at all:
-* [[!tails_gitweb config/chroot_local-includes/etc/resolv.conf]]
* [[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/conf.d/dns.conf]]
* [[!tails_gitweb config/chroot_local-includes/etc/dhcp/dhclient-enter-hooks.d/disable_make_resolv_conf]]
+* [[!tails_gitweb config/chroot_local-includes/etc/resolv.conf]]
* [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]
+Some applications need to be able to do clearnet DNS resolutions, so
+we save the DNS configuration obtained by NetworkManager:
+* [[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-resolv-over-clearnet]]
+The following is the complete list of the applications allowed to use
+the clearnet DNS configuration:
+* the `tor` process itself, but only if the user requested to
+ configure Tor's network settings in Tails Greeter; in this case
+ `tor` being able to resolve hostnames is convenient (e.g. hostnames
+ are human-readable, IP addresses not as much) or even necessary
+ (e.g. for the Meek pluggable transport):
+ - [[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/dispatcher.d/]]
+* the `clearnet` user used to run the
+ [[contribute/design/Unsafe_Browser]]:
+ - [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/unsafe-browser]]
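Review bot: the link under the `tor` entry of the "complete list" points at the whole `etc/NetworkManager/dispatcher.d/` directory, while the two neighbouring entries (`00-resolv-over-clearnet`, `usr/local/sbin/unsafe-browser`) each name the one file that does the work; point it at the specific dispatcher script that hands the clearnet resolver to Tor, so a reader can check the "only if the user requested to configure Tor's network settings in Tails Greeter" condition against the code. Two smaller points in the same hunk: "we save the DNS configuration obtained by NetworkManager" says neither where it is saved nor who may read it, which matters because the next paragraph calls the list that follows "complete" and nothing on the page says what stops any other process from using the saved configuration (a link to whatever enforces that restriction would close the gap); and the unchanged context line `class="application">NetworkManager<span>` is missing the slash in its closing tag (`</span>`), worth fixing while this paragraph is being edited.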
diff --git a/wiki/src/contribute/design/Tor_network_configuration.mdwn b/wiki/src/contribute/design/Tor_network_configuration.mdwn
index 76b4378..7d38cc0 100644
--- a/wiki/src/contribute/design/Tor_network_configuration.mdwn
+++ b/wiki/src/contribute/design/Tor_network_configuration.mdwn
@@ -34,13 +34,18 @@ non-default option called "My Internet Connection is
censored...". When activated, the following deviations from normal
Tails behaviour occur, in order:
-1. Tails Greeter adds `DisableNetwork 1` to torrc so Tor will not
+0. Tails Greeter adds `DisableNetwork 1` to torrc so Tor will not
connect to the network without user intervention.
-2. When we connect to the network, a NetworkManager hook starts Tor
+0. The `tor` process is configured to not use the system resolver
+ (which is `tor` itself ⇒ catch-22) but the DNS server obtained by
+ NetworkManager instead. This enables the use of hostnames for
+ proxies and pluggable transports (which is required for e.g. Meek).
+0. When we connect to the network, a NetworkManager hook starts Tor
Launcher in the background, i.e. non-blocking.
-3. [[Time_syncing]] waits until the user has committed their
+0. [[Time_syncing]] waits until the user has committed their
configuration via Tor Launcher and then does its usual magic to
ensure that Tor bootstraps even if the clock was incorrect. That is
the reason why we have to take the more complex approach of
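Review bot: the new step ("The `tor` process is configured to not use the system resolver ... but the DNS server obtained by NetworkManager instead") is placed before "When we connect to the network", yet the DNS server it refers to only exists once NetworkManager has brought a connection up; either the step describes something applied later by the NetworkManager hook (then say so and move it after, or fold it into, the "NetworkManager hook starts Tor Launcher" step), or the context line's promise that the deviations are listed "in order" no longer holds. The step also names no file, whereas the neighbouring steps name torrc, a NetworkManager hook and [[Time_syncing]]; add the `[[!tails_gitweb ...]]` link for the hook that rewrites Tor's DNS setting, matching the DNS.mdwn change in this same commit. One caveat worth spelling out in the list: lookups sent to the resolver learned from the network are plain DNS, so the hostnames of configured proxies and pluggable-transport endpoints (the Meek case the step mentions) become visible to the local network's DNS server; that is inherent to the design, and a reader of this page should see it stated rather than infer it. Minor style point: "(which is `tor` itself ⇒ catch-22)" is the only non-ASCII symbol in the file; "(which is `tor` itself, a catch-22)" reads the same.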