{{Header}} {{#seo: |description=Information about {{project_name_gateway_long}} System DNS, /etc/resolv.conf, and nslookup. Getting System DNS working on {{project_name_gateway_long}}. |image=Robot-162087640.png }} [[image:Robot-162087640.png|200px|thumb]] {{intro| Information about {{project_name_gateway_short}} System DNS, /etc/resolv.conf, and nslookup. Getting System DNS working on {{project_name_gateway_short}}. }} = Introduction = {{Box|text= System DNS is defined as: * Resolving DNS: ** Without the use of a socksifier such as torsocks, ** Without application proxy settings, ** Without a Tor SocksPort. * Using the standard mechanisms on Linux for DNS resolution. * Typically configured through the configuration file /etc/resolv.conf. * The process that occurs when running nslookup. }} {{Box|text= {{TorifiedGateway}} }} {{Box|text= {{project_name_workstation_long}} is configured to use various [https://2019.www.torproject.org/docs/tor-manual.html.en#SocksPort SocksPorts], [https://2019.www.torproject.org/docs/tor-manual.html.en#DNSPort DNSPort], and [https://2019.www.torproject.org/docs/tor-manual.html.en#TransPort TransPort]. See also [[Stream Isolation]]. By default, using system DNS on {{project_name_workstation_long}} does not require {{project_name_gateway_short}} system DNS. This is because DNS traffic originating from {{project_name_workstation_short}} is redirected to Tor's DNSPort running on {{project_name_gateway_short}} by the [[Whonix-Gateway Firewall]]. Modifications to /etc/resolv.conf on {{project_name_gateway_short}} do not affect {{project_name_workstation_short}}. }} {{Box|text= {{project_name_gateway_short}} is only configured to use various SocksPorts. A global system DNS resolver for resolving DNS requests from applications running on {{project_name_gateway_short}} isn't necessary for most common use cases, so it isn't enabled by default. Potential use cases where this could be beneficial include: * Resolving the hostname of a proxy specified in /usr/local/etc/torrc.d/50_user.conf via Tor ([https://sourceforge.net/projects/whonix/discussion/general/thread/41116dda/ technical explanation]). * Resolving the hostname of a VPN. However, a VPN configuration using only IPs would be more suitable. * One could consider using /etc/hosts for such scenarios instead of enabling system DNS. }} = Whonix-Gateway Default System DNS Setting = As of this writing, no DNS server is pre-configured. To verify this, users can run the command below. This command will display all lines in the system DNS configuration file /etc/resolv.conf except those that are commented out (lines starting with a hash ("#")). {{CodeSelect|code= cat /etc/resolv.conf {{!}} grep --invert-match \# }} Modifying this configuration may be safe, beneficial, and necessary for certain use cases such as [[Bridges]], pluggable transports, simplified meek and [[Bridges#Snowflake|snowflake]] support. https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/40 = Whonix-Gateway System DNS Configuration = {{Tab |type=controller |addToClass=info-box |content= {{Tab |title= == Whonix-Gateway System DNS over Clearnet == |type=section |addToClass=info-box |active=true |content= === Setup === Notes: * '''This is generally not recommended and is often unnecessary.''' * However, it simplifies the setup when using [[Bridges]] with [[Bridges#Snowflake|Snowflake]]. {{Whonix-Gateway System DNS over Clearnet}} === Test === Notes: * If you're using [[Bridges#Snowflake|Snowflake]], testing this is typically unnecessary. To test, use the {{project_name_gateway_short}} user named clearnet. {{mbox | type = critical | image = [[File:Ambox_warning_pn.svg.png|40px]] | text = Be cautious: When using the clearnet user account, traffic will bypass Tor and use the standard internet, compromising anonymity! }} Run bash as user clearnet. This is analogous to logging in as the user clearnet. {{CodeSelect|code= sudo -u clearnet bash }} To verify, you can use a tool like ping: {{CodeSelect|code= ping google.com }} }} {{Tab |title= == Whonix-Gateway System DNS over Tor == |type=section |addToClass=info-box |active=false |content= '''This approach is generally not recommended and is often unnecessary.''' Torified Whonix-Gateway System DNS. [[Undocumented]]. }} }} = See Also = * [[{{project_name_gateway_short}}_Own_Traffic_Transparent_Proxy|Enable Transparent Proxying for {{project_name_gateway_short}} own traffic]] = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]