To do an MX lookup over Tor, this command has worked for me for years:

$ torsocks dig @"$dns_server" -t mx -q "$email_domain" +noclass +nocomments +nostats +short +tcp +nosearch

In the past week or so it just hangs. My first thought was the DNS server I chose (8.8.8.8) started blocking tor. But in fact it does not matter what DNS server is queried. The whole Tor network is apparently blocking tor users from doing MX lookups.

Also notable that dig hangs forever. It does not timeout despite a default timeout interval of 5 seconds (according to the man page).

  • polaris64@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 months ago

    I’ve just tried this (Tor version 0.4.8.12) and it seems to be working fine for me. I’ve tested with both 8.8.8.8 and 1.1.1.1.

    • soloActivist@links.hackliberty.orgOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      2 months ago

      Which torsocks version? Yours is probably newer than mine. It seems to be a problem with torsocks 2.3.0 and only with dig. And indeed there is nothing wrong at the network level because I was able to do an MX lookup over tor using a different method than torsocks. I’m also able to use other apps with torsocks, just not dig all of the sudden.

      • polaris64@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 months ago

        I’m using Torsocks 2.3.0 and DiG 9.20.1

        It could be the exit node that you’re using perhaps? Maybe you could try specifying a different exit node and trying again. Also check exit node policies to make sure DNS is allowed, although as your problem only seems to be with MX records then that might not be the cause.

        • soloActivist@links.hackliberty.orgOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          2 months ago

          Exit nodes are temporary unless you deliberately pin them for a particular connection, which I have not done for the DNS servers. The problem manifests without exception for weeks now, so it could not be attributed to a bad exit node. The tor microdescriptor db tracks the perms of every node, so I don’t think it would create a circuit for disallowed traffic. There could be an inconsistency between the microdesc and reality, but it would have to be a replicated inconsistency for every connection attempted with torsocks and yet not replicated on any connection made using the torsocks alternative (which works).