i2p tech question about dns

bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

i2p tech question about dns

Post by bwdcal »

Hello everyone,

How is DNS handled when I2P opens the HTTP proxy service?

Is there any privacy issue with DNS leakage?

Can you introduce the relevant details?
>>o<<
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: i2p tech question about dns

Post by echelon »

Hi

The DNS requests go through the tunnel to the HTTP proxy, which resolves the http(s)/DNS requests.

echelon
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: i2p tech question about dns

Post by bwdcal »

echelon wrote: 27 Mar 2023 07:27
Hi

The DNS requests go through the tunnel to the HTTP proxy, which resolves the http(s)/DNS requests.

echelon

Hi, my question is:

If I use I2P as an HTTP proxy server on a device, then other devices connect to the I2P HTTP proxy port and access the internet.

How does I2P handle DNS?
>>o<<
denker
Posts: 9
Joined: 19 Jul 2019 17:30

Re: i2p tech question about dns

Post by denker »

Hi bwdcal,

The DNS requests are handled by the browser/client. It depends on how the browser is configured. If you set a proxy destination in your browser, in your case the I2P router, the DNS requests are sent to your I2P router. You can bypass URLs with the "no proxy for" setting. If you enter a URL that matches one in the bypass list, the client uses the configured DNS on your system (i.e. local hosts file, ISP DNS, ...). If you use an outproxy (for clearnet) on the I2P router and you try to access public clearnet sites, I assume the I2P router will then pass your DNS request to this outproxy.
If you use more devices in your network with I2P and have configured all devices to use the I2P router as a proxy, the DNS requests will be sent to the I2P router. I am not sure, but to prevent leakage of DNS requests to the clearnet, all applications which you are using in combination with I2P have to use the I2P router as proxy. If there is no setting to use a proxy in the application, you should be careful. :)

Please correct me if I am wrong.
Unfortunately, I only think occasionally. :)
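
Added example (not part of denker's post and not I2P code): a way to observe which names a client hands to the system resolver with and without a proxy setting. A listener on 127.0.0.1 stands in for the router's HTTP proxy port, `example.i2p` is a constructed hostname, and the resolver is stubbed so no query leaves the machine.

```python
import socket
import threading
import urllib.error
import urllib.request

def run_demo(host="example.i2p"):  # constructed hostname, never really resolved
    lookups, request_lines = [], []
    real_getaddrinfo = socket.getaddrinfo
    def recording_getaddrinfo(name, *args, **kwargs):
        # Record each name this process tries to resolve; only loopback passes.
        lookups.append(name)
        if name != "127.0.0.1":
            raise socket.gaierror("lookup blocked in demo: %s" % name)
        return real_getaddrinfo(name, *args, **kwargs)

    # Stand-in for the router's HTTP proxy port: records one request line.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    proxy_url = "http://127.0.0.1:%d" % srv.getsockname()[1]
    def serve_once():
        conn, _ = srv.accept()
        request_lines.append(conn.recv(4096).split(b"\r\n")[0].decode())
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                     b"Connection: close\r\n\r\nok")
        conn.close()

    threading.Thread(target=serve_once, daemon=True).start()
    socket.getaddrinfo = recording_getaddrinfo
    try:
        # Client configured with the proxy: the hostname travels in the request.
        proxied = urllib.request.build_opener(
            urllib.request.ProxyHandler({"http": proxy_url}))
        proxied.open("http://%s/" % host, timeout=5).read()
        via_proxy = list(lookups)
        # Client with no proxy setting: it has to resolve the name itself.
        direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        try:
            direct.open("http://%s/" % host, timeout=5)
        except urllib.error.URLError:
            pass  # expected: the stub refuses the lookup
        without_proxy = lookups[len(via_proxy):]
    finally:
        socket.getaddrinfo = real_getaddrinfo
        srv.close()
    return request_lines, via_proxy, without_proxy

if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns the request line the stand-in proxy received, the names looked up locally with the proxy configured, and the names looked up locally without it.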
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: i2p tech question about dns

Post by bwdcal »

denker wrote: 27 Mar 2023 17:20
Hi bwdcal,

The DNS requests are handled by the browser/client. It depends on how the browser is configured. If you set a proxy destination in your browser, in your case the I2P router, the DNS requests are sent to your I2P router. You can bypass URLs with the "no proxy for" setting. If you enter a URL that matches one in the bypass list, the client uses the configured DNS on your system (i.e. local hosts file, ISP DNS, ...). If you use an outproxy (for clearnet) on the I2P router and you try to access public clearnet sites, I assume the I2P router will then pass your DNS request to this outproxy.
If you use more devices in your network with I2P and have configured all devices to use the I2P router as a proxy, the DNS requests will be sent to the I2P router. I am not sure, but to prevent leakage of DNS requests to the clearnet, all applications which you are using in combination with I2P have to use the I2P router as proxy. If there is no setting to use a proxy in the application, you should be careful. :)

Please correct me if I am wrong.

Hi, thanks for your reply.

I think you are right, but having a more detailed tech doc about how I2P handles DNS would be better for people using it.
>>o<<
lgillis
Posts: 144
Joined: 20 Oct 2018 12:52

Re: i2p tech question about dns

Post by lgillis »

They have already explained the system clearly. Here are more basics: RFC 1035: Domain names - implementation and specification. And it follows for I2P that it should be a self-contained network:
I2P does not promote the use of DNS-like services though, as the damage done by hijacking a site can be tremendous - and insecure destinations have no value. DNSsec itself still falls back on registrars and certificate authorities, while with I2P, requests sent to a destination cannot be intercepted or the reply spoofed, as they are encrypted to the destination's public keys, and a destination itself is just a pair of public keys and a certificate. DNS-style systems on the other hand allow any of the name servers on the lookup path to mount simple denial of service and spoofing attacks. Adding on a certificate authenticating the responses as signed by some centralized certificate authority would address many of the hostile nameserver issues but would leave open replay attacks as well as hostile certificate authority attacks.
The excerpt is from: Naming library and address book.

In addition, you should ask the providers of the particular outproxy operators you are using. Here you can find the e-mail address of StormyCloud Inc.
Spring https://www.youtube.com/playlist?list=PLF-q-IGQQb1uK7fYuaQiRpcORDSmfsY2n
NarratorZ-new
Posts: 90
Joined: 06 Sep 2022 15:09

Re: i2p tech question about dns

Post by NarratorZ-new »

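bwdcal wrote: 28 Mar 2023 02:16
Hi, thanks for your reply.

I think you are right, but having a more detailed tech doc about how I2P handles DNS would be better for people using it.

Nobody has translated the documentation on the website, so what can I do? I have had no time lately.

If you want to help with translation, please register on Transifex.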

https://www.transifex.com/otf/I2P/
A satisfied I2Pd user, I2Pd 2.50.0
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: i2p tech question about dns

Post by bwdcal »

NarratorZ-new wrote: 31 Mar 2023 12:45
bwdcal wrote: 28 Mar 2023 02:16
Hi, thanks for your reply.

I think you are right, but having a more detailed tech doc about how I2P handles DNS would be better for people using it.

Nobody has translated the documentation on the website, so what can I do? I have had no time lately.

If you want to help with translation, please register on Transifex.

https://www.transifex.com/otf/I2P/

Hi, I want to help, but I am not a tech user.

I think I can do other things to help this project.
>>o<<
orfX
Posts: 11
Joined: 18 Feb 2019 12:52

Re: i2p tech question about dns

Post by orfX »

Hi, hello, my queries go through dnscrypt-proxy.

I added to the configuration file:
force_tcp = true
http_proxy='http://127.0.0.1:8118'


because my HTTP and HTTPS queries pass through privoxy. And privoxy redirects the entire system to I2P.

There is an option in the config file that is for Tor, but we could very well modify it for I2P:
# socks proxy
## uncomment the following line to route all tcp connections to a local tor node
## tor doesn't support udp, so set `force_tcp` to true as well.

# proxy = 'socks5://127.0.0.1:9050'


It may be interesting to make a SOCKS server with I2P and redirect DNS traffic to it.
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: i2p tech question about dns

Post by bwdcal »

orfX wrote: 13 Apr 2023 05:56
Hi, hello, my queries go through dnscrypt-proxy.

I added to the configuration file:
force_tcp = true
http_proxy='http://127.0.0.1:8118'


because my HTTP and HTTPS queries pass through privoxy. And privoxy redirects the entire system to I2P.

There is an option in the config file that is for Tor, but we could very well modify it for I2P:
# socks proxy
## uncomment the following line to route all tcp connections to a local tor node
## tor doesn't support udp, so set `force_tcp` to true as well.

# proxy = 'socks5://127.0.0.1:9050'


It may be interesting to make a SOCKS server with I2P and redirect DNS traffic to it.

I think you can use I2P SOCKS5 to forward DNS-over-HTTPS.

So the traffic is encrypted and anonymous.
>>o<<