MaraDNS and tsocks

Sam Trenholme strenholme.usenet at gmail.com
Sat May 1 10:14:30 EDT 2010


> I'm currently trying to find a solution to DNS leaks when I am on public
> networks. If it is possible to run MaraDNS through tsocks on my local
> computer it probably will solve my problems. Does anyone know if it is
> possible to force MaraDNS into "TCP" only?

It’s not possible to do this without seriously hacking MaraDNS’ source
code.  DNS is, first and foremost, a UDP protocol, and, as it turns
out, packets over 512 bytes in size are so rare that it works fine
without TCP at all.

MaraDNS supports TCP, mainly to be RFC compliant, but can’t work
without UDP (the recursive resolver, for example, doesn’t use TCP).

Deadwood, the recursive resolver in development that MaraDNS 2.0 will
use, also doesn’t fully support TCP; when someone sends a DNS-over-TCP
packet, Deadwood converts it to a UDP packet to store upstream, only
using TCP when a truncated packet is received (which is not cached).
TCP is disabled by default in Deadwood (really, you don’t need it),
and DNS-over-TCP packets aren’t cached in Deadwood.

- Sam

Note: I do not answer MaraDNS (including Deadwood) support requests
sent by private email without being compensated for my time. A MaraDNS
support request is any and all discussion you may wish to have about
MaraDNS in private email; if you want to email me to talk about
MaraDNS then, yes, that is a support request. I will discuss rates if
you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with
without charge and kept confidential. If you don't know what Bugtraq
is, then, no, your email is not a security report. It is not a
security report unless you've done due diligence to determine how the
security bug you think you found can reasonably be exploited.

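The transport details Sam's reply relies on, as an added example that is not MaraDNS or Deadwood code: a DNS message carries the same bytes over UDP and TCP except that TCP prefixes a 2-byte length (RFC 1035 section 4.2.2), so a TCP query can be unframed and forwarded over UDP, and a UDP reply with the TC (truncated) flag set is the only case that forces a TCP retry. All sample bytes below are constructed inline; the function names are this example's own.

```python
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: RD set, one question, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def udp_to_tcp(msg: bytes) -> bytes:
    """Frame a UDP-format message for a TCP stream (2-byte length prefix)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS/TCP length field cannot exceed 65535")
    return struct.pack("!H", len(msg)) + msg

def tcp_to_udp(stream: bytes) -> bytes:
    """Strip the TCP framing so the message can be sent over UDP
    (the conversion Sam describes Deadwood doing before going upstream)."""
    if len(stream) < 2:
        raise ValueError("short TCP frame")
    n = struct.unpack("!H", stream[:2])[0]
    if len(stream) < 2 + n:
        raise ValueError("incomplete TCP frame")
    return stream[2:2 + n]

def is_truncated(msg: bytes) -> bool:
    """True if the TC bit (0x0200 in the flags word) is set in the header."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & 0x0200)

def pick_transport(udp_reply: bytes) -> str:
    """Decide whether a resolver must retry over TCP after a UDP reply."""
    return "tcp" if is_truncated(udp_reply) else "udp"

# Constructed sample replies: flags 0x8380 = QR, TC, RD, RA set;
# flags 0x8180 = the same without TC.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
NORMAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    q = build_query("example.com")
    assert tcp_to_udp(udp_to_tcp(q)) == q
    print(pick_transport(TRUNCATED_REPLY), pick_transport(NORMAL_REPLY))
```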
