[Request] pfSense-Friendly Darknet Access

Post by parityboy » Fri Dec 30, 2016 7:37 am


[For background, see here]

Can you alter the DeepDNS policies on the exit nodes such that if you query a darknet FQDN from an out-of-tunnel address (including other exits), the result is NXDOMAIN? In other words, if I'm connected to the German node and my query for an Onion address is sent to the Netherlands DeepDNS instance, the result is NXDOMAIN rather than 10.x.x.x.

This would enable us pfSense users to spin up multiple clients and not only load balance between them, but also specify the DeepDNS servers for those exit nodes in System->General Setup->DNS Server Settings. With this in place, queries for darknet TLDs will result in NXDOMAIN until the query hits the right server.
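
The policy requested above, modelled as an added example that is not part of the original post and is not cryptostorm's code: each DeepDNS instance answers darknet names only for sources inside its own tunnel range and returns NXDOMAIN to everyone else. The exit names, tunnel subnets, the `i2p` entry and the result labels are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for illustration (not cryptostorm's real config).
DARKNET_TLDS = {"onion", "i2p"}
EXIT_TUNNEL_NETS = {
    "germany": ipaddress.ip_network("10.66.0.0/16"),
    "netherlands": ipaddress.ip_network("10.77.0.0/16"),
}


def is_darknet_name(qname):
    """True if the rightmost label of the query name is a darknet TLD."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] in DARKNET_TLDS


def policy(exit_name, src_ip, qname):
    """Decide how the DeepDNS instance on `exit_name` treats one query.

    Returns 'RECURSE' for ordinary names, 'DARKNET' when an in-tunnel
    client asks for a darknet name, and 'NXDOMAIN' when a darknet name
    is requested from any address outside this exit's tunnel range,
    including clients tunnelled through a different exit.
    """
    if not is_darknet_name(qname):
        return "RECURSE"
    src = ipaddress.ip_address(src_ip)
    if src in EXIT_TUNNEL_NETS[exit_name]:
        return "DARKNET"
    return "NXDOMAIN"


if __name__ == "__main__":
    # Constructed sample queries: (instance, source address, name).
    samples = [
        ("germany", "10.66.0.5", "example.onion"),       # in-tunnel
        ("netherlands", "10.66.0.5", "example.onion"),   # other exit's range
        ("netherlands", "203.0.113.10", "Example.ONION."),  # public source
        ("netherlands", "203.0.113.10", "example.org"),  # ordinary name
    ]
    for exit_name, src, name in samples:
        print(exit_name, src, name, "->", policy(exit_name, src, name))
```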