DNS while using Tor

robertocarlos · June 30, 2025, 1:44pm

Hello, which is better, use default DNS while using tor or Orbot? Or even more secure would be using DNScrypt or oDoH, for example by using RethinkDNS or Invizible Pro.
Anyway DNS is in both scenarios different than isp, but are all options encrypted, what about leaks, or other security considerations?

rundfunk · July 4, 2025, 11:36am

Tor - because it is private, secure and really anonymous. The Tor ExitNode (the last link in the chain) does the DNS resolution and doesn’t know you. You get all DNS information back encrypted.

But this entry must not be missing in the Tor configuration file torrc.

SafeSocks 1

robertocarlos · July 4, 2025, 5:31pm

Do i need to change to that or its by default?

SkewedZeppelin · July 4, 2025, 5:33pm

The SafeSocks option is irrelevant to Orbot usage when using the VPN mode.

SkewedZeppelin · July 4, 2025, 5:35pm

If you want to have .onion access or strictly ensure that your requests are processed by each respective exit node you should not change DNS settings and ensure the system Private DNS and Chromium Secure DNS features are disabled.

However if you want to use a DNS blocker or the security benefits of a protective DNS (blocking or DNSSEC) then you should use the system Private DNS feature.

If you want more control of blocking and doing so client side, then you can use Rethink combined with Orbot.

SkewedZeppelin · July 4, 2025, 5:37pm

While not routing your DNS via the respective exit node may technically be a leak, it will still be passed through Tor with a circuit that expires every 10 minutes, so it isn’t nearly as bad an issue as it might be with a traditional VPN but said DNS could link requests to an extent.

I personally prefer and use Orbot system wide with all isolation options enabled and then combine it with Quad9 via system Private DNS feature.

robertocarlos · July 4, 2025, 6:02pm

I’m using Orbot with rethinkdns, but as proxy mode, rethink disconnects Orbot in VPN mode.

SkewedZeppelin · July 5, 2025, 12:53am

SafeSocks does nothing for Orbot in VPN mode and every single app that might use SOCKS does so using SOCKS5 (not SOCKS4) which does handle DNS.

because???

nonsense

Shadowsocks is not comparable to Tor.

Tor has been quite performant with the recent improvements (congestion control + conflux)

You shouldn’t use VPN provided Tor routing as that defeats the purpose of what Tor offers.

robertocarlos · July 5, 2025, 7:57am

I have really big mindfuck now haha

robertocarlos · July 5, 2025, 7:58am

So does it route first through orbot and then Quad9, or just Quad9 only

Topic		Replies	Views
Private DNS/Use Secure DNS settings when using Orbot Questions	15	1566	July 28, 2024
What is better DNScrypt, DOH or DOT? Questions	1	1437	February 6, 2023
Rethinkdns/InviziblePro/Netguard Questions	8	260	July 4, 2025
Is it ok to use VPN, DNS for surfing Tor Browser? Questions browsers	11	647	July 6, 2024
RethinksDNS + Orbot and VPN or just VPN Questions	7	1263	November 24, 2023

DNS while using Tor

Related topics