Opera won't tunnel DNS requests over a socks5 proxy if you have one set. This is an example of how I used system wide changes to get Opera (and everything else) to use an ssh tunnel for DNS using a remote virtual private server, socat, dnsmasq, ssh, and resolv.conf. Both home and server are ubuntu 10.04.
(If you're on windows try: dns2socks.)
## In examples,
## vps.yourhost.com is remote VPS
## I use 'username' as my account on both the VPS and the my home machine. So I don't specify user in the commands below.
## Normally with ssh you can specify user with -l, like -l username
## Setup http tunnel, set Opera to use socks5 proxy 8080
ssh -C2qTnN -D 8080 vps.yourhost.com
## Setup DNS tunnel... the scheme is:
## Opera-> system dns on 127.0.0.1-> socat listens on port 53 redirects to 5353->
## ssh forwards port 5353 from 127.0.0.1 to vps.yourhost.com VPS->
## On the VPS another instance of socat takes port 5353 from the ssh tunnel and redirects to 53 local to VPS->
## VPS is running dnsmasq DNS proxy listening on 53, it proxies the DNS request to it's DNS server->
## VPS's DNS server sends back answer and it goes back through the established chain-> Opera
# local machine
# has primary DNS set to 127.0.0.1 , secondary to router's DNS.
sudo socat tcp4-listen:5353,reuseaddr,fork UDP:127.0.0.1:53
ssh -N -L 5353:127.0.0.1:5353 vps.yourhost.com
# remote machine
# with dnsmasq DNS proxy running on port 53,
# as root do;
socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:5353
Set /etc/resolv.conf to use localhost for DNS with the router as backup (for before you start the tunnel).
#search namecoin-suffix.dot-bit.org # check .bit address first
nameserver 127.0.0.1 # VPS SSH DNS tunnel (no .bit resolver)
nameserver 192.168.1.1 # Router based DNSmasq .bit resolver and normal DNS fallback
If you leave a backup nameserver Opera will still leak DNS and use it when the latency of answers from the tunneled DNS becomes high. For example, when I load a 300+ tab Opera session more than half of the DNS requests are sent unencrypted to 192.168.1.1. So, disable the backup nameserver by commenting it out once you've set up the tunnel.
## So... after doing all this after every reboot ( I made scripts ) Opera will now browse "securely".
## Opera->127.0.0.1:53->127.0.0.1:5353->ssh->(vps.yourhost.com:5353)->vps.yourhost.com:53->dns proxy->(real DNS server)->SUCCESS
## firefox makes things so much fucking easier.
## For Firefox you can just set it to use socks5 proxy for DNS requests
## network.proxy.socks_remote_dns = true , and,
ssh -C2qTnN -D 8080 vps.yourhost.com
# SUCCESS
You may not access or use the site superkuh.com unless you are under 7 years of age. If you do not agree then you must leave now.
The US Dept. of Justice has determined that violating a website's terms of service is a felony under CFAA 1030(a)2(c). Under this same law I can declare that you may only use one IP address to access this site; circumvention is a felony. Absurd, isn't it?
It is my policy to regularly delete server logs.
I enjoy recursion, dissipating local energy gradients, lipid bilayers, particle acceleration, heliophysics instrumentation and generally anything with a high rate of change in electrical current. This site is a combination of my efforts to archive what I find interesting and my shoddy attempts to implement the aformentioned without a budget.
I get all email sent to @superkuh.com
Make-up any address *@superkuh.com
TorChat: fri6mj44l5bujjyp
I also use Retroshare.
This site was previously located at superkuh.ath.cx, but that subdomain system was shut down.
Then it was at superkuh.com for a while until all data was lost. Now it's back, same place, much less content.
superkuh.bit on namecoin DNS.