How to use Tor as a DNS resolver
Why?
DNS is one of the most insecure aspects of the internet. Every DNS request is sent in plaintext to whichever DNS server your computer uses, which is usually chosen by your operating system vendor or your ISP's DHCP, or is one you've set yourself. This is a serious issue, as the function of a DNS server is to resolve hostnames to addresses. DNS over HTTPS/TLS secures the plaintext protocol against a MitM attack, but it does nothing to stop the server from seeing every host your computer asks it to resolve. There is no question that this information is being saved. It's pretty much the wet dream of every SEO person/data broker/unscrupulous person to be able to see all the pages that someone is viewing. Fortunately, Tor lets you route these DNS requests over the Tor network, making them anonymous as well as secure against man-in-the-middle attacks.
How
On most Unix-likes, as root (Note: won't work on systemd systems):

    echo "DNSPort 53" >> /etc/tor/torrc
    echo "AutomapHostsOnResolve 1" >> /etc/tor/torrc
    echo "nameserver 127.0.0.1" > /etc/resolv.conf
Restart the Tor service with your init system, then run ``nslookup www.google.com`` to check that the changes went through. If the first line reads “Server: 127.0.0.1”, it succeeded.
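
A way to audit the two files before restarting Tor, as an added example that is not part of the original page; the function names and sample files are made up for illustration. It checks that both torrc options are present and uncommented, and that resolv.conf lists no nameserver other than 127.0.0.1.

```sh
#!/bin/sh
# Added example: audit a torrc and a resolv.conf for the settings above.

# has_directive FILE KEY VALUE: succeeds if an uncommented "KEY VALUE" line
# exists. Tor option names are case-insensitive, so compare them that way.
has_directive() {
    awk -v k="$2" -v v="$3" '
        { sub(/#.*/, "") }                                  # drop comments
        tolower($1) == tolower(k) && $2 == v { found = 1 }
        END { exit !found }' "$1"
}

# only_local_resolver FILE: succeeds only if at least one nameserver is listed
# and every one is 127.0.0.1. Any other entry is a fallback that would send
# queries in plaintext outside Tor.
only_local_resolver() {
    awk '
        { sub(/[#;].*/, "") }                               # drop comments
        $1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad = 1 }
        END { exit (n == 0 || bad) }' "$1"
}

# audit_tor_dns TORRC RESOLV_CONF: prints each problem, returns 1 if any.
audit_tor_dns() {
    rc=0
    has_directive "$1" DNSPort 53 ||
        { echo "missing: DNSPort 53 in $1"; rc=1; }
    has_directive "$1" AutomapHostsOnResolve 1 ||
        { echo "missing: AutomapHostsOnResolve 1 in $1"; rc=1; }
    only_local_resolver "$2" ||
        { echo "leak risk: $2 must list only nameserver 127.0.0.1"; rc=1; }
    return "$rc"
}

# Constructed sample files (not real system config) so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'SocksPort 9050\nDNSPort 53\nAutomapHostsOnResolve 1\n' > "$demo/torrc.good"
printf '#DNSPort 53\nAutomapHostsOnResolve 1\n' > "$demo/torrc.bad"
printf 'nameserver 127.0.0.1\n' > "$demo/resolv.good"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$demo/resolv.bad"

if audit_tor_dns "$demo/torrc.good" "$demo/resolv.good"; then echo "good pair: OK"; fi
audit_tor_dns "$demo/torrc.bad" "$demo/resolv.bad" || echo "bad pair: rejected"
```

On a real system, call `audit_tor_dns /etc/tor/torrc /etc/resolv.conf` instead of the sample files.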