We need a way to intercept DNS requests so they don't "leak" while we're trying to be anonymous. (This happens because the application does the DNS resolve before going to the SOCKS proxy.) One option is to use Tor's built-in support for doing DNS resolves; but you need to ask via our new socks extension for that, and no applications do this yet
. A nicer option is to use Tor's controller interface: you intercept the DNS resolve, tell Tor about the resolve, and Tor replies with a dummy IP address. Then the application makes a connection through Tor to that dummy IP address, and Tor automatically maps it back to the original query.