socks5 proxy dns problem - ROS 7.7

onlineuser · January 15, 2023, 8:29am

Hi,

I use the socks5 proxy on mikrotik with remote dns resolving.
This works fine for resolving hostnames (google.de for example) but for inputs like 123.123.123.123 it does not work.
Normally for such URL the socks5 proxy needs not to resolv the IP address but it looks like that this will be tried.
The website will not be opened.

In the DNS cache log there I can see a NEGATIVE entry.
If I switch to socks4, then it works but then google.de does not work any longer because socks4 does not support remote dns resolving.

If I add the IP address to the static table, then it also works.

socks5 proxy should only resolve valid domains and not a IP address.
Maybe this could be fixed in ROS 7.7.

Thanks, a lot.

BartoszP · January 15, 2023, 9:38am

https://stackoverflow.com/questions/33099569/how-does-sock-5-proxy-ing-of-dns-work-in-browsers

onlineuser · January 15, 2023, 9:22pm

What do you want to say with this?
Locally resolving of domains with third party tool?

This is not necessary. Other socks proxies do the same like mikrotik socks - remote resolving works fine for vaid domains (for example google.com).
If I want to open an webserver on for example 123.123.123.123, no resolving is necessary by the socks 5 proxy. But mikrotik tries to resolve 123.123.123.123 as domain instead of connecting directly to this IP address.

BartoszP · January 16, 2023, 6:34am

Maybe this could help resolving problem … I know that it’s an old post but … who knows?

It depends on your browser. Firefox, for example, sends hostname to SOCKS proxy without resolving it. You can confirm that by Wireshark.

PS. assume you are using a SOCKS5/4a proxy. SOCKS4 does not support hostname. Ref: > https://en.wikipedia.org/wiki/SOCKS#SOCKS4a

There are 3 possible options:

Software still uses system DNS for host name resolution and commands the Socks server to connect to an IP. This might be default mode or the only supported mode for cases where Socks is implemented lazily.

Software commands the Socks server to connect to hostname. This mode might need to be configured additionally; Firefox and old Opera have special flags to enable this mode.

Software manually performs DNS lookup with UDP-over-Socks and commands the Socks server to connect to an IP. The most crazy mode and it requires a software to know a DNS address but in theory it is possible.

onlineuser · January 16, 2023, 10:44am

Ok yes, I could resolve it by resolving the hostnames locally or with other tools but RFC shows that remote resolving through the proxy also should work.

With the socks proxy “srelay” for example it works fine.

BartoszP · January 16, 2023, 12:45pm

Free thoughts

How to distinguish that 127.127.127.127 is an IP address not the domain?
If 127.127.127. is send to DNS resolver then it asks upper level servers for an answer and receives empty answer.

onlineuser · January 16, 2023, 5:04pm

Ok, but this could be filtered with a regex.
Other socks proxies also do this.

The nslookup command also does this - nslookup google.de delivers the IP address, nslookup 127.127.127.127 delivers the hostname.

Wublide · February 27, 2023, 2:56pm

I completely agree, this needs to be sorted out without any user workaround

onlineuser · January 24, 2024, 5:27pm

Any updates for this issue?

I tried it on ROS 7.13.2 - same problem.

sergejs · March 20, 2024, 1:35pm

Thank you very much for the report, IP address handling will be fixed at 7.15 for socks5.

onlineuser · June 17, 2024, 10:39am

Thanks, very much.
I tested it and it works fine.