tor-resolve

tor-resolve [OPTIONS] HOSTNAME_OR_IP

-h, --help
    Displays a help message and exits.

-v, --version
    Shows version information and exits.

-s, --socks
    Instructs tor-resolve to use the SOCKS RESOLVE command for name resolution. This is the default method when connecting to a SOCKS port (e.g., 9050).

-c, --controller
    Instructs tor-resolve to use Tor's Control Protocol for name resolution. This is the default method when connecting to a Control Port (e.g., 9051) and can offer more robust control.

-p PORT, --port PORT
    Specifies the port to connect to the Tor daemon. Defaults to 9050 for SOCKS connections and 9051 for Control Protocol connections.

-r, --reverse
    Performs a reverse DNS lookup, querying for a PTR record for the given IP address.

-t TYPE, --type TYPE
    Specifies the DNS query type to perform (e.g., A, AAAA, PTR, TXT, MX, NS). By default, it queries for A records (IPv4 addresses) or PTR records if --reverse is used.

-x, --exit-address
    Outputs the IP address of the Tor exit node that handled the DNS resolution, in addition to the resolved hostname or IP.

tor-resolve is a command-line utility designed to perform DNS lookups through the Tor anonymity network. It acts as a specialized resolver, sending DNS queries (like A, AAAA, or PTR records) over an encrypted Tor circuit, thus helping to obscure the origin of the DNS request. This is particularly useful for privacy-conscious users or applications that need to resolve hostnames without revealing their direct IP address to DNS servers. It can operate by communicating with the Tor daemon's SOCKS proxy port or its Control Protocol port, providing flexibility in how it integrates with a running Tor instance. Unlike standard DNS resolvers, tor-resolve ensures that your DNS queries are routed through the Tor network, inheriting the privacy benefits of Tor.

tor-resolve requires a running Tor daemon to function. It sends DNS queries over Tor, but the final resolution happens at the exit node, which could potentially see the query. While it protects your identity from the DNS server, it does not magically make the queried domain disappear. Tor network speed can affect resolution times. Ensure your Tor daemon is configured to allow SOCKS or Control Port connections from where you run tor-resolve.

tor-resolve can communicate with the Tor daemon in two primary ways: via the SOCKS proxy port or the Control Protocol port.
When using the --socks option (or connecting to the SOCKS port, typically 9050), it sends a SOCKS5 RESOLVE command. This is a simpler interface.
When using the --controller option (or connecting to the Control Port, typically 9051), it uses the Tor Control Protocol, which allows for more detailed interaction and potentially more robust resolution handling, especially for complex query types. The choice depends on how your Tor daemon is configured and what level of interaction is desired.

By routing DNS queries through the Tor network, tor-resolve helps to prevent your Internet Service Provider (ISP) or local network observer from seeing your DNS requests and, consequently, which websites or services you are trying to reach. The DNS query is anonymized and exits from a random Tor exit node, making it difficult to link the query back to your original IP address. This is a vital component of maintaining anonymity while browsing or connecting through Tor.

tor-resolve has been an integral part of the Tor project's suite of utilities since its early days. Its development paralleled the growth of the Tor network itself, providing a crucial tool for users to perform DNS lookups with the same anonymity and privacy assurances offered by Tor for regular network traffic. It was developed to address the specific need for secure and private name resolution, complementing tools like torify by handling DNS queries explicitly over Tor rather than relying on system-wide DNS configurations.

tor(1), torify(1), torsocks(1), host(1), dig(1)