All traffic originating from [[Whonix-Workstation|{{project_name_workstation_long}}]] and [[Whonix-Gateway|{{project_name_gateway_long}}]] is routed over [[Tor]]. Starting from {{project_name_short}} version 0.2.1, traffic from {{project_name_gateway_short}} is also routed over Tor. This approach conceals the use of {{project_name_short}} from entities monitoring the network. For preserving the anonymity of a user's {{project_name_workstation_short}} activities, it isn't essential to route {{project_name_gateway_short}}'s own traffic through Tor. For those interested: Altering DNS settings on {{project_name_gateway_short}} in /etc/resolv.conf only impacts DNS requests made by {{project_name_gateway_short}}'s applications that utilize the system's default DNS resolver. By default, no applications on {{project_name_gateway_short}} that generate network traffic utilize this default resolver. All default applications on {{project_name_gateway_short}} that produce network traffic (like apt, [https://www.kicksecure.com/wiki/Systemcheck systemcheck], [[sdwdate]]) are explicitly configured, or force by uwt wrappers, to use their dedicated Tor SocksPort (refer to [[Stream Isolation]]). {{project_name_workstation_short}}'s default applications are configured to use dedicated Tor SocksPorts (see [[Stream Isolation]]), avoiding the system's default DNS resolver. Any applications in {{project_name_workstation_short}} not set up for stream isolation - such as nslookup - will employ the default DNS server configured in {{project_name_workstation_short}} (through /etc/network/interfaces), which points to {{project_name_gateway_short}}. These DNS requests are then redirected to Tor's DnsPort by the {{project_name_gateway_short}} firewall. Changes in {{project_name_gateway_short}}'s /etc/resolv.conf don't influence {{project_name_workstation_short}}'s DNS queries. Traffic produced by the Tor process, which by Debian's default operates under the user debian-tor originating from {{project_name_gateway_short}}, can access the internet directly. This is permitted because Linux user account debian-tor is exempted in the [[{{project_name_gateway_short}}_Firewall|{{project_name_gateway_short}} Firewall]] and allowed to use the "regular" internet. Tor version 0.4.5.6 (with no changes announced at the time of writing), the Tor software predominantly relies on TCP traffic. For further details, see [[Tor#UDP|Tor wiki page, chapter UDP]]. For DNS, please refer to the next footnote. Tor doesn't depend on, nor uses a functional (system) DNS for most of its operations. IP addresses of Tor directory authorities are hardcoded in the Tor software by Tor developers. Exceptions are: * Proxy settings that use proxies with domain names instead of IP addresses. * Some Tor pluggable transports such as meek lite, which resolves domains set in url= and front= to IP addresses or snowflake's -front.