[Unbound-users] unbound + tor

ml at ruggedinbox.com ml at ruggedinbox.com
Wed Aug 13 18:45:13 UTC 2014

Hi we are trying to figure out the best way to handle DNS requests to 
both clearnet and Tor onionland,
while still having MX lookups working, in order to correctly send emails 
to clearnet hosts.

Currently we are using just Tor, configured as transparent proxy and DNS 
This is nice because all DNS requests are done thru Tor
but MX lookups will fail, and for an email provider service, this is a 
show stopper.

Various online resources suggest to use Tor only to resolve onion 
and Unbound for all the rest,
but we are having difficulties in configuring Unbound.

This is Debian 7 (wheezy)
and the configuration we are talking about should be something like 

# cat /etc/unbound/unbound.conf

     # The following line will configure unbound to perform cryptographic
     # DNSSEC validation using the root trust anchor.
     auto-trust-anchor-file: "/var/lib/unbound/root.key"
     tcp-upstream: yes
     do-udp: no

domain-insecure: "onion"
private-domain: "onion"
do-not-query-localhost: no

     name: "onion"
     forward-addr: at 54

54 is Tor DNS resolver port.
As you see, we are not Unbound experts, and this configuration does not 

Can you please supply a minimal Unbound configuration, that accepts DNS 
queries only from localhost
and that routes .onion requests to Tor on port 54 ?

Thanks for this great project and wish you great holidays!
RuggedInbox team

More information about the Unbound-users mailing list