How to patch DNS holes with obsolete software

Everything that does not fit anywhere else
lgillis
Posts: 137
Joined: Mon May 09, 2022 8:40 am

How to patch DNS holes with obsolete software

Post by lgillis »

A guide has appeared in the sometimes more, sometimes less official I2P forum about how to prevent DNS leaks using a nine-year-old version of OpenJDK:

Guides • [Guide] Launch Bigly BT with proper Java Version

The interesting thing is not that someone is citing an undated article about BiglyBT, but that no one is contradicting it. This usually leads to the person believing that he has done everything right in his research and approaching his next contributions in exactly the same way.

yanol
Posts: 4
Joined: Sat Nov 04, 2023 1:56 pm

Re: How to patch DNS holes with obsolete software

Post by yanol »

Hello.

You can check the update in the post.
Java 8 is something that the developer of the program suggests, not just bad research.

lgillis
Posts: 137
Joined: Mon May 09, 2022 8:40 am

Re: How to patch DNS holes with obsolete software

Post by lgillis »

Thank you for the necessary addition, yanol.

The DNS queries for the trackers within the I2P domain are made via the standard resolver (via the Internet) of the operating system instead of via the I2P router. This can be determined using the appropriate DNS tools.

The developers write in their wiki that they deliver the software together with a Java version, version 8, to prevent the built-in DNS problem in connection with I2P and Tor.

I cannot confirm whether this applies in general or only to certain installations. The version I have installed comes directly from the BiglyBT homepage and uses the pre-installed Java version of the operating system (according to the homepage, it must then be the "Unix .tar.gz"). The alternative installation via the package management of Debian also uses the installed "default-jre", here and today openjdk-17.

Based on the information kindly provided by user yanol, everyone must decide whether there is a risk and whether the software is worth the effort. Users without basic technical knowledge will probably be put off by the article and will opt for simpler file sharing software. On the other hand, BBT is so complicated that even experienced users occasionally despair at the countless settings.

Perhaps such problems should also be solved at the operating system level. Such DNS queries can only be fatal, as far as I know, if they fall into the wrong hands, right?

yanol
Posts: 4
Joined: Sat Nov 04, 2023 1:56 pm

Re: How to patch DNS holes with obsolete software

Post by yanol »

I am not sure about the potential risk; a brief search shows that the problem here (DNS leaks) would expose the user to the ISP and to cyberattacks. Since I do not know how likely this is, and since the problem can be solved in a simple way, I suggest two options:

* Using BiglyBT with Java 8 (so you will not see the 'Failed to Install DNS manager' error on startup)

* Switching to another client

I2PSnark is the other big player at the moment. Unfortunately, qBittorrent has no PEX or I2P DHT support at the moment (only experimental I2P support). It's a matter of time until qBittorrent supports those missing features, and then it will become a common torrent client thanks to its simplicity.

If your distribution does not, for some reason, have a Java 8/OpenJDK 8 version in the repositories, you can download a 'portable' Java 8 version from the Internet, from a trusted source, and then point the program to that Java version with the command I mentioned in the original post, or using another method.

Keep in mind that the main feature of BiglyBT and qBittorrent is that they can be used to 'cross-seed' torrents from the clearnet into the I2P network. As far as I know, that is not possible with I2PSnark.

yanol.

lgillis
Posts: 137
Joined: Mon May 09, 2022 8:40 am

Re: How to patch DNS holes with obsolete software

Post by lgillis »

Just as a brief addition. You can also let the DNS queries go nowhere.

With an installed DNS server such as Unbound, the provider's DNS is bypassed and the root server is queried directly. This means that the potential "enemy" is blind to all DNS queries.

Use a DNS tool to collect the addresses of all trackers and add them to the configuration in such a way that they point to localhost. Here is an example for Unbound (unbound-control dump_cache | rg '\.i2p'):

Code:

local-zone: "tracker2.postman.i2p" redirect
local-data: "tracker2.postman.i2p A 127.0.0.1"

Without your own DNS server, the same can also be realized with the "hosts" file, which also works with Windows.
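As an added example (this is not code from either poster, nor from the BiglyBT or Unbound projects), the following Python script does the two steps the thread describes together: it picks out the .i2p (and .onion) names that reached the system resolver, using a constructed sample of Unbound's query log as input, and turns them into the Unbound local-zone/local-data pairs shown above, the equivalent hosts-file lines, and a whole-zone always_nxdomain rule as an alternative. The log format is approximated from what Unbound writes with log-queries: yes; the sample lines, and every hostname except tracker2.postman.i2p, are made up for the example.

```python
import re

# Constructed sample in the shape of Unbound's "log-queries: yes" output
# (format approximated; these lines were not captured from a real system).
SAMPLE_LOG = """\
[4711:0] info: 127.0.0.1 tracker2.postman.i2p. A IN
[4711:0] info: 127.0.0.1 opentracker.dg2.i2p. AAAA IN
[4711:0] info: 127.0.0.1 deb.debian.org. A IN
[4711:0] info: 127.0.0.1 tracker2.postman.i2p. A IN
[4711:0] info: 127.0.0.1 example.onion. A IN
"""

# Special-use TLDs that must never be resolved by the clearnet resolver.
LEAK_TLDS = ("i2p", "onion")

# "<client> <qname> <qtype> <qclass>" at the end of an Unbound query-log line.
QUERY_RE = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$"
)


def leaked_names(log_text, tlds=LEAK_TLDS):
    """Return the sorted, de-duplicated names under `tlds` seen in the log.

    Any hit means an application handed a hidden-service name to the OS
    resolver instead of to the I2P/Tor router.
    """
    found = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name").rstrip(".").lower()
        if name.rsplit(".", 1)[-1] in tlds:
            found.add(name)
    return sorted(found)


def unbound_local_data(names, target="127.0.0.1"):
    """Per-name redirect, the form used in the post above: every query for
    the name (and anything below it) is answered with `target`."""
    lines = []
    for name in names:
        lines.append(f'local-zone: "{name}" redirect')
        lines.append(f'local-data: "{name} A {target}"')
    return "\n".join(lines)


def unbound_blackhole_zones(tlds=LEAK_TLDS):
    """Whole-TLD alternative: NXDOMAIN for every name under the TLD, so a
    tracker that is not yet on the list is covered as well."""
    return "\n".join(f'local-zone: "{tld}." always_nxdomain' for tld in tlds)


def hosts_entries(names, target="127.0.0.1"):
    """hosts-file form (Linux and Windows); exact names only, no wildcards."""
    return "\n".join(f"{target}\t{name}" for name in names)


if __name__ == "__main__":
    names = leaked_names(SAMPLE_LOG)
    print("# leaked names:", ", ".join(names))
    print(unbound_local_data(names))
    print(unbound_blackhole_zones())
    print(hosts_entries(names))
```

The redirect form makes the client open a connection to 127.0.0.1 for the tracker, where nothing listens, so the announce fails quickly; the always_nxdomain form makes the lookup itself fail, which is usually the cleaner signal for the client. Treating the whole .i2p and .onion zones this way is an assumption about the setup: it is harmless only because no name under those TLDs should ever be resolved by the OS resolver at all, and a hosts file cannot express such a whole-zone rule. Note also that running your own recursive resolver only removes the provider's resolver from the path; the resolver's own queries to the root and authoritative servers still cross the provider's network in cleartext unless they are forwarded over DNS over TLS, so blackholing the names before they leave the resolver is the part that actually stops the leak.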