Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

deepDNS: seamless Tor .onion site access, via cryptostorm

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through grounbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.
User avatar

Topic Author
cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

deepDNS: seamless Tor .onion site access, via cryptostorm

Postby cryptostorm_team » Wed Feb 11, 2015 5:16 am

{direct links: deepdns.dk + deepdns.bit + deepdns.net + deepdns.cryptostorm.org + cryptostorm.org/deepdns}

{git repository}

deepDNSlogo-leaves512.png
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

marzametal
Posts: 484
Joined: Mon Aug 05, 2013 11:39 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby marzametal » Wed Feb 11, 2015 5:42 am

No wonder the onion router would pop up nonstop in peerblock... cheeky bugger! :P

User avatar

cryptostorm_dev
ForumHelper
Posts: 20
Joined: Wed Jan 23, 2013 5:31 am

http://3g2upl4pq6kufc4m.onion

Postby cryptostorm_dev » Wed Feb 11, 2015 12:16 pm

DuckDuckGo-.png


User avatar

Pattern_Juggled
Posts: 1493
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: deepdns.dk

Postby Pattern_Juggled » Fri Feb 13, 2015 8:18 pm

parityboy wrote:Just tried this and got nothing. I assume this isn't in production yet?


It's deploying node-by-node; hence more of a rolling schedule until the full network is covered, at which point we'll loop back and fill in this placeholder thread with details. Meanwhile...

https://www.youtube.com/watch?v=avUoUaGdkeA

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

“Words do their job, but what I'm doing here says a lot more.”

Postby cryptostorm_team » Sun Feb 15, 2015 8:55 pm

“Words do their job, but what I'm doing here says a lot more.”

goldsworthy1_.jpg
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm


taoeffect
Posts: 7
Joined: Wed Jan 07, 2015 5:16 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby taoeffect » Tue Mar 10, 2015 11:50 pm

I was just about to tweet how great it is that you folks are exploring blockchain-based tech, but then I tried to use your resolvers and see that they're not resolving .bit domains. Am I missing some instructions somewhere?

User avatar

parityboy
ForumHelper
Posts: 859
Joined: Wed Feb 05, 2014 3:47 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby parityboy » Wed Mar 11, 2015 4:23 am

@taoeffect

Which OS are you running? (please say Linux, lol) Seriously though, likely what's happening is that you are not using the DNS resolver on the node you're connected to. Try going to sites such as http://forum.i2p or https://3g2upl4pq6kufc4m.onion, and let us know if you are successful.

User avatar

Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby Tealc » Wed Mar 11, 2015 11:19 pm

@taoeffect

Everything is working just fine in my PC using the CS dns resolvers:-D

Actually almost all opennic dns servers can resolve .bit domains, but the best part of CS is that it can do much more, like .onion and .i2p seamless redirection. Once again thank you for that CS :-D


taoeffect
Posts: 7
Joined: Wed Jan 07, 2015 5:16 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby taoeffect » Sat Mar 14, 2015 5:14 am

Sorry folks I thought I would get email replies but either they're not working or I forgot to check "Notify me when a reply is posted".

I'm using OS X, but it shouldn't matter, right? Are these private resolvers that can only be accessed via VPN? I was using some IP address that I saw in a tweet from @cryptostorm_is. How should I test?

User avatar

parityboy
ForumHelper
Posts: 859
Joined: Wed Feb 05, 2014 3:47 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby parityboy » Sat Mar 14, 2015 10:49 pm

@taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.


taoeffect
Posts: 7
Joined: Wed Jan 07, 2015 5:16 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby taoeffect » Sun Mar 15, 2015 12:55 am

parityboy wrote:@taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.


Is there a way I can verify that the service is using DNSChain without having to pay for VPN access? If I can verify it, then I can give the cryptostorm_is folks a shoutout from either @okTurtles or @DNSChain.

User avatar

parityboy
ForumHelper
Posts: 859
Joined: Wed Feb 05, 2014 3:47 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby parityboy » Sun Mar 15, 2015 1:11 am

@taoeffect

The short answer is "no", since cryptofree doesn't offer that service. See your PM for further details. :)


taoeffect
Posts: 7
Joined: Wed Jan 07, 2015 5:16 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby taoeffect » Wed Mar 18, 2015 8:37 am

OK cool, thanks to parityboy I was able to test and verify that your VPN service does indeed seem to run DNSChain and provide .bit resolution.

Great job cryptostorm!

https://twitter.com/okTurtles/status/578037112039038977


vixsomnis
Posts: 2
Joined: Thu May 07, 2015 1:42 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby vixsomnis » Sun May 17, 2015 11:25 am

This looks useful, but don't you lose a layer of protection without the Tor brower bundle? Fingerprinting? I'm already a NoScript / Privacy Badger / Ghostery user with the obvious IP leaks plugged (WebRTC, IPv6), but there's also the fact that my browser is still unique on https://panopticlick.eff.org/ when I enable javascript, and Javascript is pretty much necessary to use any modern functional website (including some onion sites).

Doesn't seem like there's been a forum discussion on whether having transparent access to onion sites is something that should be this easy to access. Realistically, what kind of security risks are there?

Obviously, this feature is optional and practically impossible to accidentally access, but I just think it bears discussion.


Looks like the forums go deeper than I thought.

https://cryptostorm.org/torstorm/ for anyone who is searching for the threat model analysis and further explanation. Is this stickied?


Smithg4

John

Postby Smithg4 » Tue Sep 06, 2016 12:24 pm

Nice site. On your blogs extremely interest and i will tell a buddies. gceekbkaekedkdaa

User avatar

df
Site Admin
Posts: 226
Joined: Thu Jan 01, 1970 5:00 am

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Postby df » Tue Sep 06, 2016 3:30 pm

@vixsomnis

I'm not sure how accurate that forum thread/post is since it was written in 2014, but I'm pretty sure it's referring to our torstorm service provided via https://torstorm.org/ , which is a different thing than our transparent .onion access we provide to VPN clients.

Torstorm is a free service provided for the public, and works the same as any other onion2web service.
You would use it by replacing (using the DuckDuckGo .onion for example) http://3g2upl4pq6kufc4m.onion/ with https://3g2upl4pq6kufc4m.torstorm.org/ etc.
A CS account isn't required to use the torstorm service.
The nginx/lua setup that powers it does a few extra things to help keep users anonymous, like randomly changing everyone's user agent, and automatically removing any JS code that looks like it's trying to exploit the WebRTC vuln, no logging, and some other stuff that I'm probably forgetting.

It's different than the transparent .onion access CS provides, which is a feature that we don't really have a name for.
With torstorm, you get access to .onion sites from the clearnet.
With the transparent .onion feature, the request goes from you to the Tor instance running on the VPN server via the VPN tunnel, which means it doesn't involve the clearnet.
It's a little more secure/anonymous than using Tor directly on your own system (much faster too), but it does require a degree of trust towards CS because it puts us in a position where we could monitor your .onion traffic if we chose to (we never will, but there's no way for us to prove that we're not doing that).

If a customer doesn't want to use the service but still needs to access a .onion site while on CS, using Tor Browser would be the easiest way.
The transparent .onion feature uses what's basically DNS hijacking in order to redirect all .onion hosts to an IP in the 10.99.0.0/16 range (set by our server-side Tor's "VirtualAddrNetworkIPv4 10.99.0.0/16").
So as long as you set Tor Browser (or whichever browser you use) to send DNS requests to the socks server your Tor instance is running, then the CS transparent .onion feature will be unable to see your DNS request and change it to our Tor instance.


Return to “DeepDNS.net - cryptostorm's no-compromise DNS resolver framework”

Who is online

Users browsing this forum: No registered users and 1 guest

Login