tordnsel

TorDNSEL: A Tor DNS-based Exit List

For an overview, see the man page at doc/tordnsel.8.

The design document for TorDNSEL can be found at:

https://gitweb.torproject.org/tordnsel.git/blob/HEAD:/doc/torel-design.txt

Currently, only query type 1 from torel-design.txt is supported:

A request for the A record "1.0.0.10.80.4.3.2.1.ip-port.exitlist.example.com" would return 127.0.0.2 if there's a running Tor node at 10.0.0.1 that allows exits to port 80 at 1.2.3.4 and our ZoneOfAuthority is set to "exitlist.example.com". If there isn't such an exit node, we return NXDOMAIN. If the query is unsolicited and outside our zone of authority, we return REFUSED.

Presumably, users of software with built-in support for DNSBLs would configure [service port].[service address].ip-port.exitlist.example.com as a DNSBL.


Dependencies

TorDNSEL requires GHC 6.8. If you're running Debian Lenny:

apt-get install ghc6 libghc6-mtl-dev libghc6-network-dev libghc6-time-dev \
  libghc6-hunit-dev libghc6-stm-dev libghc6-binary-dev

OpenSSL's libcrypto is required for strong random numbers:

apt-get install libssl-dev

On non-Debian systems use your system's package manager or grab a binary distribution from the GHC website:

http://haskell.org/ghc/download.html

Building TorDNSEL

./Setup.lhs configure
./Setup.lhs build

If you want a tordnsel binary installed in /usr/local/bin:

sudo ./Setup.lhs copy

Configuring TorDNSEL

Copy config/tordnsel.conf.sample. At the very least, you'll need to uncomment and modify ZoneOfAuthority, DomainName, SOARName, StateDirectory, RuntimeDirectory, and probably DNSListenAddress.

To run exit tests, you'll need to specify at least EnableActiveTesting, TestListenAddress, and TestDestinationAddress.

Load a config file with the -f option.

Options listed in tordnsel.conf.sample can also be specified on the command line:

./tordnsel -f /etc/tordnsel.conf --ZoneOfAuthority exitlist.example.com

Command line options override those included in a config file.

TorDNSEL needs an accurate system clock, so it would be a good idea to run an ntpd.

Running TorDNSEL practically

cp config/tordnsel-init.d-script.sample /etc/init.d/tordnsel chmod +x /etc/init.d/tordnsel cp config/tordnsel.conf.sample /etc/tordnsel.conf # Configure it vim /etc/tordnsel.conf addgroup --system tordnsel adduser --ingroup tordnsel --system --no-create-home
--home /var/lib/tordnsel tordnsel mkdir /var/lib/tordnsel

update-rc.d tordnsel defaults /etc/init.d/tordnsel start

git clone git://git.numm.org/tordnsel

snapshot: tordnsel.zip

files