i2p tech question about dns

[bwdcal]

Hello everyone,

how is the dns handled when i2p opens http proxy service?

Is there any privacy issue of dns leakage?

Can you introduce the relevant details?

[echelon]

Hi

the DNS requests goes through the tunnel to the http proxy, which resolves the http(s)/DNS requests

echelon

[bwdcal]

Hi

the DNS requests goes through the tunnel to the http proxy, which resolves the http(s)/DNS requests

echelon

hi, my question is:

If i use i2p as a http proxy server on a device, then other device connect to i2p http proxy port and access internet.

How does i2p handle dns?

[denker]

Hi bwdcal,

the dns requests is handled by the browser/client. It depends how the browser is configured. If you set a proxy destination in your browser, in ypur case the i2p router, the dns requests is send to your i2p router. You can bypass URLs with the "no proxy for" setting. If your entered a URl that matches one in the bypass list, the client use the configured dns on your system (i.e. local hosts file, ISP DNS, ...). If you use an outproxy (for clearnet) on the i2p router and you try to access public clearnet sites I assume the i2p router will then pass your dns request to this outproxy.
If you use more devices in your network with i2p and configured all devices to use the i2prouter as a proxy, the dns requests will send to the i2p router. I am not sure, but to prevent leakage of dns requests to the clearnet, all applications which you are using in combination with i2p has to use the i2p router as proxy. If there is no setting to use a proxy in the application, you should be careful.

Please correct me if i am wrong.

[bwdcal]

Hi bwdcal,

the dns requests is handled by the browser/client. It depends how the browser is configured. If you set a proxy destination in your browser, in ypur case the i2p router, the dns requests is send to your i2p router. You can bypass URLs with the "no proxy for" setting. If your entered a URl that matches one in the bypass list, the client use the configured dns on your system (i.e. local hosts file, ISP DNS, ...). If you use an outproxy (for clearnet) on the i2p router and you try to access public clearnet sites I assume the i2p router will then pass your dns request to this outproxy.
If you use more devices in your network with i2p and configured all devices to use the i2prouter as a proxy, the dns requests will send to the i2p router. I am not sure, but to prevent leakage of dns requests to the clearnet, all applications which you are using in combination with i2p has to use the i2p router as proxy. If there is no setting to use a proxy in the application, you should be careful.

Please correct me if i am wrong.

hi, thanks for u reply.

I think u are right, but if have more detail tech doc about how i2p handle dns should better for people to use it.

[lgillis]

They have already explained the system clearly. Here are more basics: RFC 1035: Domain names - implementation and specification. And it follows for I2P that it should be a self-contained network:

I2P does not promote the use of DNS-like services though, as the damage done by hijacking a site can be tremendous - and insecure destinations have no value. DNSsec itself still falls back on registrars and certificate authorities, while with I2P, requests sent to a destination cannot be intercepted or the reply spoofed, as they are encrypted to the destination's public keys, and a destination itself is just a pair of public keys and a certificate. DNS-style systems on the other hand allow any of the name servers on the lookup path to mount simple denial of service and spoofing attacks. Adding on a certificate authenticating the responses as signed by some centralized certificate authority would address many of the hostile nameserver issues but would leave open replay attacks as well as hostile certificate authority attacks.

The excerpt is from: Naming library and address book.

In addition, you should ask the providers of the particular outproxy operators you are using. Here you can find the e-mail address of StormyCloud Inc.

[NarratorZ-new]

hi, thanks for u reply.

I think u are right, but if have more detail tech doc about how i2p handle dns should better for people to use it.

网站上的文档没人翻我有什么办法，最近我是没空。

如果你想帮助翻译请注册transifex

https://www.transifex.com/otf/I2P/

[bwdcal]

hi, thanks for u reply.

I think u are right, but if have more detail tech doc about how i2p handle dns should better for people to use it.

网站上的文档没人翻我有什么办法，最近我是没空。

如果你想帮助翻译请注册transifex

https://www.transifex.com/otf/I2P/

hi, i am want to help, but i am not a tech user.

i think i can do other things to help this project.

[orfX]

hi, hello, my queries go through dnscrypt-proxy.

i added to the configuration file:
force_tcp = true
http_proxy='http://127.0.0.1:8118'

because my http and https queries pass through privoxy. And privoxy redirect the entire system to i2p

there is an option in the config file that is for tor but we could very well modify it for i2p:
# socks proxy
## uncomment the following line to route all tcp connections to a local tor node
## tor doesn't support udp, so set `force_tcp` to true as well.

# proxy = 'socks5://127.0.0.1:9050'

it may be interesting to make a socks server with i2p and redirect dns traffic on it.

[bwdcal]

hi, hello, my queries go through dnscrypt-proxy.

i added to the configuration file:
force_tcp = true
http_proxy='http://127.0.0.1:8118'

because my http and https queries pass through privoxy. And privoxy redirect the entire system to i2p

there is an option in the config file that is for tor but we could very well modify it for i2p:
# socks proxy
## uncomment the following line to route all tcp connections to a local tor node
## tor doesn't support udp, so set `force_tcp` to true as well.

# proxy = 'socks5://127.0.0.1:9050'

it may be interesting to make a socks server with i2p and redirect dns traffic on it.

i think you can use i2p socks5 to forward dns-over-https.

so, the traffic is encrypt and anynomose.