deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Wed Feb 11, 2015 5:16 am
by cryptostorm_team
{direct links: deepdns.dk + deepdns.bit + deepdns.net + deepdns.cryptostorm.org + cryptostorm.org/deepdns}

{git repository}

deepDNSlogo-leaves512.png

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Wed Feb 11, 2015 5:42 am
by marzametal
No wonder the onion router would pop up nonstop in peerblock... cheeky bugger! :P

http://3g2upl4pq6kufc4m.onion

Posted: Wed Feb 11, 2015 12:16 pm
by cryptostorm_dev
DuckDuckGo-.png

Re: deepdns.dk ~ seamless Tor .onion site access, via cryptostorm

Posted: Fri Feb 13, 2015 4:34 pm
by parityboy
@thread

Just tried this and got nothing. I assume this isn't in production yet?

Re: deepdns.dk

Posted: Fri Feb 13, 2015 8:18 pm
by Pattern_Juggled
parityboy wrote: Just tried this and got nothing. I assume this isn't in production yet?


It's deploying node-by-node; hence more of a rolling schedule until the full network is covered, at which point we'll loop back and fill in this placeholder thread with details. Meanwhile...

https://www.youtube.com/watch?v=avUoUaGdkeA

Cheers,

~ pj

“Words do their job, but what I'm doing here says a lot more.”

Posted: Sun Feb 15, 2015 8:55 pm
by cryptostorm_team
“Words do their job, but what I'm doing here says a lot more.”

goldsworthy1_.jpg

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Tue Mar 10, 2015 11:50 pm
by taoeffect
I was just about to tweet how great it is that you folks are exploring blockchain-based tech, but then I tried to use your resolvers and see that they're not resolving .bit domains. Am I missing some instructions somewhere?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Wed Mar 11, 2015 4:23 am
by parityboy
@taoeffect

Which OS are you running? (please say Linux, lol) Seriously though, likely what's happening is that you are not using the DNS resolver on the node you're connected to. Try going to sites such as http://forum.i2p or https://3g2upl4pq6kufc4m.onion, and let us know if you are successful.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Wed Mar 11, 2015 11:19 pm
by Tealc
@taoeffect

Everything is working just fine on my PC using the CS DNS resolvers :-D

Actually almost all OpenNIC DNS servers can resolve .bit domains, but the best part of CS is that it can do much more, like .onion and .i2p seamless redirection. Once again thank you for that CS :-D

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Mar 14, 2015 5:14 am
by taoeffect
Sorry folks I thought I would get email replies but either they're not working or I forgot to check "Notify me when a reply is posted".

I'm using OS X, but it shouldn't matter, right? Are these private resolvers that can only be accessed via VPN? I was using some IP address that I saw in a tweet from @cryptostorm_is. How should I test?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Mar 14, 2015 10:49 pm
by parityboy
@taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sun Mar 15, 2015 12:55 am
by taoeffect
parityboy wrote: @taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.


Is there a way I can verify that the service is using DNSChain without having to pay for VPN access? If I can verify it, then I can give the cryptostorm_is folks a shoutout from either @okTurtles or @DNSChain.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sun Mar 15, 2015 1:11 am
by parityboy
@taoeffect

The short answer is "no", since cryptofree doesn't offer that service. See your PM for further details. :)

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Wed Mar 18, 2015 8:37 am
by taoeffect
OK cool, thanks to parityboy I was able to test and verify that your VPN service does indeed seem to run DNSChain and provide .bit resolution.

Great job cryptostorm!

https://twitter.com/okTurtles/status/578037112039038977

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sun May 17, 2015 11:25 am
by vixsomnis
This looks useful, but don't you lose a layer of protection without the Tor Browser Bundle? Fingerprinting? I'm already a NoScript / Privacy Badger / Ghostery user with the obvious IP leaks plugged (WebRTC, IPv6), but there's also the fact that my browser is still unique on https://panopticlick.eff.org/ when I enable JavaScript, and JavaScript is pretty much necessary to use any modern functional website (including some onion sites).

Doesn't seem like there's been a forum discussion on whether having transparent access to onion sites is something that should be this easy to access. Realistically, what kind of security risks are there?

Obviously, this feature is optional and practically impossible to accidentally access, but I just think it bears discussion.


Looks like the forums go deeper than I thought.

https://cryptostorm.org/torstorm/ for anyone who is searching for the threat model analysis and further explanation. Is this stickied?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Tue Sep 06, 2016 3:30 pm
by df
@vixsomnis

I'm not sure how accurate that forum thread/post is since it was written in 2014, but I'm pretty sure it's referring to our torstorm service provided via https://torstorm.org/ , which is a different thing than our transparent .onion access we provide to VPN clients.

Torstorm is a free service provided for the public, and works the same as any other onion2web service.
You would use it by replacing (using the DuckDuckGo .onion for example) http://3g2upl4pq6kufc4m.onion/ with https://3g2upl4pq6kufc4m.torstorm.org/ etc.
A CS account isn't required to use the torstorm service.
The nginx/lua setup that powers it does a few extra things to help keep users anonymous, like randomly changing everyone's user agent, and automatically removing any JS code that looks like it's trying to exploit the WebRTC vuln, no logging, and some other stuff that I'm probably forgetting.

It's different than the transparent .onion access CS provides, which is a feature that we don't really have a name for.
With torstorm, you get access to .onion sites from the clearnet.
With the transparent .onion feature, the request goes from you to the Tor instance running on the VPN server via the VPN tunnel, which means it doesn't involve the clearnet.
It's a little more secure/anonymous than using Tor directly on your own system (much faster too), but it does require a degree of trust towards CS because it puts us in a position where we could monitor your .onion traffic if we chose to (we never will, but there's no way for us to prove that we're not doing that).

If a customer doesn't want to use the service but still needs to access a .onion site while on CS, using Tor Browser would be the easiest way.
The transparent .onion feature uses what's basically DNS hijacking in order to redirect all .onion hosts to an IP in the 10.99.0.0/16 range (set by our server-side Tor's "VirtualAddrNetworkIPv4 10.99.0.0/16").
So as long as you set Tor Browser (or whichever browser you use) to send DNS requests to the socks server your Tor instance is running, then the CS transparent .onion feature will be unable to see your DNS request and change it to our Tor instance.
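
Added example (not part of df's post and not cryptostorm's code): a client-side check of which path a .onion lookup takes, using the 10.99.0.0/16 range quoted above. The function names and result labels are assumptions made for this illustration.

```python
import ipaddress
import socket
import sys

# Range quoted in the post: server-side Tor "VirtualAddrNetworkIPv4 10.99.0.0/16".
ONION_VIRTUAL_NET = ipaddress.ip_network("10.99.0.0/16")


def classify_onion_answer(hostname, addresses):
    """Classify what the system resolver returned for a .onion name.

    addresses: list of IP strings; an empty list means the lookup failed.
    Returns one of three labels (hypothetical names, chosen for this example):
      "vpn-side-tor"    every answer is inside 10.99.0.0/16, so the VPN's DNS
                        rewrote the query and traffic goes to its Tor instance
      "not-intercepted" no answer, so the VPN-side feature did not rewrite the
                        lookup as seen by this resolver
      "unexpected"      an address outside the range was returned for a .onion
                        name, so something other than the described setup
                        answered and the result should not be trusted
    """
    name = hostname.lower().rstrip(".")
    if not name.endswith(".onion"):
        raise ValueError("not a .onion hostname: %r" % hostname)
    if not addresses:
        return "not-intercepted"
    parsed = [ipaddress.ip_address(a) for a in addresses]
    if all(ip in ONION_VIRTUAL_NET for ip in parsed):
        return "vpn-side-tor"
    return "unexpected"


def resolve(hostname):
    """Resolve through the OS resolver; return [] when the lookup fails."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Live check, e.g.: python3 check_onion.py 3g2upl4pq6kufc4m.onion
    host = sys.argv[1]
    answers = resolve(host)
    print(host, answers, classify_onion_answer(host, answers))
```

Run it once with the VPN connected and once with the browser's DNS sent to a local Tor SOCKS port; only the first case should report "vpn-side-tor".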

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Apr 15, 2017 4:14 pm
by kapu
I'm sorry, but is there a tutorial/doc to see how to use deepDNS on a linuxmint computer?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Apr 15, 2017 5:58 pm
by parityboy
@kapu

Not that I'm aware of, but the use of DeepDNS should be transparent to you, once connected. You may have to enable resolution of .onion URIs in your browser of choice, but outside of that it should Just Work.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Apr 15, 2017 6:14 pm
by kapu
Ok, and how do I enable resolution of .onion URLs for chromium or firefox?
And can't I manage my DNS resolver to use DeepDNS in order to avoid DNS leaks?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Posted: Sat Apr 15, 2017 9:48 pm
by crypto_addict
Well, for me I downloaded a script which is at https://github.com/cryptostorm-dev/csto ... tostorm.sh. First, I connect to the internet. After I get connected to the internet/cryptostorm, I run the script as root. Then no more DNS leak. Only thing is if you get disconnected, you may have to flush your iptables, or just restarting your computer will clear the iptables also. Anything else? I've also downloaded shorewall and although I have not set it up yet, it may work better for the disconnection issue because it is supposed to load and unload iptables configurations with a compile/execute method. I know firewalld does it on the fly, but haven't set that up either so far. It is a more involved process to set up, but probably worth the effort if/when I get around to it.

Edit: I just found a better post than mine from Fermi. Go to viewtopic.php?f=32&t=9298. There you will find more about this; although my post is kinda right, he has the solution for making it persistent across bootups. Hope this helped!