On Wed, 2023-03-15 at 18:58 -0700, ToddAndMargo via users wrote:
> Problem. Open DNS is specifically blocking
> tor.bravesoftware.com, screwing up my
> Brave Browser Private Windows with TOR.
And therein lay a problem with censorship, where someone else has set
the boundary. I can see why they made that decision, though. And I'll
bet that you're going to see far more things blocked than just this.
> Q1. that on purpose? Did Fedroa drop /etc/hosts?
As far as I was aware, if you create one it can be used. And it might
be your simplest solution to this problem.
Before I ran a DNS server I became aware that my ISPs DNS server was
terribly slow, and often didn't return results for their own services.
I had to put the IP record for their own usenet server in my hosts
file. That solved that problem. But it was also terrible at resolving
names for everything, so I ended up learning how to use BIND, and have
been running it ever since.
> Q2. If I created my own hosts, would it be read first
> or after named?
Traditionally hosts was consulted before other measures (making it
useful as an override). The priority of what is consulted to resolve
names is set in /etc/nsswitch.com (name server switch config file).
Scroll down to you find the hosts line. There's often a hashed-out
example, followed by what's actually used. The left-most entry is used
first, and it walks across the line until it finds an answer.
Mine's quite bare:
#hosts: db files nisplus nis dns
hosts: files dns
> Q3. Is there a way to hard code tor.bravesoftware.com
> into named?
It's possible, though can be unwise (you mightn't know all the info
about the domain you ought to put in, if they change their info you'd
need to change your local version, and it could take some time before
you worked out that had happened).
In /etc/named.conf you'd specify a zone file for the records. I'm
showing an example from something else on my BIND server:
zone "testbed.lan" { type master; file "static/testbed.lan.zone"; };
That filepath would be /var/named/static/testbed.lan.zone on a non-
chrooted system. And on a chrooted system, it's probably:
/var/named/chroot/static/testbed.lan.zone
And in that zone file, you need some basic data, plus the actual domain
name's IPs.
$ORIGIN .
$TTL 86400 ; 1 day
testbed.lan IN SOA ns.testbed.lan hostmaster.testbed.lan (
42 ; serial
300 ; refresh (5 minutes)
900 ; retry (15 minutes)
3600 ; expire (1 hour)
1800 ; minimum (30 minutes)
)
NS ns.testbed.lan.
A 192.168.1.1
MX 1 mail.testbed.lan.
$ORIGIN testbed.lan.
mail A 192.168.1.1
ns A 192.168.1.1
web CNAME www
www A 192.168.1.1
Looking at the data in it, the pertinent bits to a domain, starting at
the third line, there's the domain name, its nameserver address, the
contact address for the record (the first dot is where the @ sign
normally goes). Further down is the NS record, the A record for the
whole domain, the MS record for its mail server. Then some A records
and a CNAME record. You'd have to customise all of that.
If I do a dig request on tor.bravesoftware.com, I get this:
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> tor.bravesoftware.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50941
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tor.bravesoftware.com. IN A
;; ANSWER SECTION:
tor.bravesoftware.com. 300 IN CNAME d2dy5tljjyhryf.cloudfront.net.
d2dy5tljjyhryf.cloudfront.net. 60 IN A 18.67.111.68
d2dy5tljjyhryf.cloudfront.net. 60 IN A 18.67.111.71
d2dy5tljjyhryf.cloudfront.net. 60 IN A 18.67.111.87
d2dy5tljjyhryf.cloudfront.net. 60 IN A 18.67.111.9
;; AUTHORITY SECTION:
d2dy5tljjyhryf.cloudfront.net. 1830 IN NS ns-1729.awsdns-24.co.uk.
d2dy5tljjyhryf.cloudfront.net. 1830 IN NS ns-831.awsdns-39.net.
d2dy5tljjyhryf.cloudfront.net. 1830 IN NS ns-1165.awsdns-17.org.
d2dy5tljjyhryf.cloudfront.net. 1830 IN NS ns-288.awsdns-36.com.
;; Query time: 1933 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 16 13:23:57 ACDT 2023
;; MSG SIZE rcvd: 291
Which gives you a CNAME and A records you could make use of, as well as
several NS records. Looking at the info, and the nature of tor, I'd
hazard a guess that from one time to another, the CNAME is going to
change, and you'd need all the A records for the new host.
--
uname -rsvp
Linux 3.10.0-1160.83.1.el7.x86_64 #1 SMP Wed Jan 25 16:41:43 UTC 2023 x86_64
Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
