Hi,
I would appreciate feedback on how best to go about setting up unbound to handle queries for tor services/domains.
I am running a tor daemon client node as a SOCKS5 proxy with username/password credentials @ 192.168.112.12:9100 (tcp).
First off, my understanding is that < onion. | test. | invalid. > by unbound’s default result in nx, and thus I would start off with:
server:
    domain-insecure: onion
    local-zone: "onion." static
    local-data: "onion. IN A 192.168.112.12"
    tls-cert-bundle: "/path/to/tor/cached-certs"
    trust-anchor-file: "/path/to/tor/cached-microdesc-consensus"
Not sure whether/how unbound would interpret the trust-anchor-file and whether it can even be considered a trust-anchor?
and then perhaps
forward-zone:
    name: "onion."
    forward-addr: 192.168.112.12@9100
And there it stops with username/password credentials for the SOCKS5 proxy since I could not find a directive for unbound to parse those.
Would the unbound queries work anyway if the tor node would be running as SOCKS5 proxy but sans credentials?
Since the tor node is caching < cached-microdescs >, I was wondering whether that could perhaps satisfy auth-zone as opposed to forwarding (and thus avoiding querying the SOCKS5 proxy)?
auth-zone:
    name: "onion."
    for-downstream: no
    fallback-enabled: no
    zonefile: "/path/to/tor/cached-microdescs"