DNS while using Tor

robertocarlos · June 30, 2025, 1:44pm

Hello, which is better, use default DNS while using tor or Orbot? Or even more secure would be using DNScrypt or oDoH, for example by using RethinkDNS or Invizible Pro.
Anyway DNS is in both scenarios different than isp, but are all options encrypted, what about leaks, or other security considerations?

rundfunk · July 4, 2025, 11:36am

Tor - because it is private, secure and really anonymous. The Tor ExitNode (the last link in the chain) does the DNS resolution and doesn’t know you. You get all DNS information back encrypted.

But this entry must not be missing in the Tor configuration file torrc.

SafeSocks 1

robertocarlos · July 4, 2025, 5:31pm

Do i need to change to that or its by default?

SkewedZeppelin · July 4, 2025, 5:33pm

The SafeSocks option is irrelevant to Orbot usage when using the VPN mode.

SkewedZeppelin · July 4, 2025, 5:35pm

If you want to have .onion access or strictly ensure that your requests are processed by each respective exit node you should not change DNS settings and ensure the system Private DNS and Chromium Secure DNS features are disabled.

However if you want to use a DNS blocker or the security benefits of a protective DNS (blocking or DNSSEC) then you should use the system Private DNS feature.

If you want more control of blocking and doing so client side, then you can use Rethink combined with Orbot.

SkewedZeppelin · July 4, 2025, 5:37pm

While not routing your DNS via the respective exit node may technically be a leak, it will still be passed through Tor with a circuit that expires every 10 minutes, so it isn’t nearly as bad an issue as it might be with a traditional VPN but said DNS could link requests to an extent.

I personally prefer and use Orbot system wide with all isolation options enabled and then combine it with Quad9 via system Private DNS feature.

robertocarlos · July 4, 2025, 6:02pm

I’m using Orbot with rethinkdns, but as proxy mode, rethink disconnects Orbot in VPN mode.

SkewedZeppelin · July 5, 2025, 12:53am

SafeSocks does nothing for Orbot in VPN mode and every single app that might use SOCKS does so using SOCKS5 (not SOCKS4) which does handle DNS.

because???

nonsense

Shadowsocks is not comparable to Tor.

Tor has been quite performant with the recent improvements (congestion control + conflux)

You shouldn’t use VPN provided Tor routing as that defeats the purpose of what Tor offers.

robertocarlos · July 5, 2025, 7:57am

I have really big mindfuck now haha

robertocarlos · July 5, 2025, 7:58am

So does it route first through orbot and then Quad9, or just Quad9 only

Lukas · July 16, 2025, 7:26am

Any reason for not using InviZible Pro which has stream isolation?

SkewedZeppelin · July 16, 2025, 12:37pm

I was using it for a while, especially for that, but recently I just go back and forth between them depending on how I feel.
Orbot is a lot simpler and doesn’t break the kill switch feature, but Invizible is technically superior.
I’d really like to see TorVPN actually get a release sometime, which actually looks like it might be mid-August.

Topic		Replies	Views
Private DNS/Use Secure DNS settings when using Orbot Questions	15	1581	July 28, 2024
Rethinkdns/InviziblePro/Netguard Questions	8	319	July 4, 2025
RethinksDNS + Orbot and VPN or just VPN Questions	7	1283	November 24, 2023
InviZible Pro (Tor, I2P, DNSCrypt) Tool Suggestions	28	7265	April 16, 2025
Orbot On Android General	4	407	July 23, 2024

DNS while using Tor

Related topics