Socksify UDP DNS problem

Hello, thank you for the good socksify feature. The problem is that UDP port 53 traffic from the source device is not sent to socksify, so it is not working (it resolves directly). What is the solution to pass DNS through socksify?

Any client has to explicitly support using SOCKS (i.e. unlike port forwarding, using SOCKS is never transparent to the client). And I'm not sure if all SOCKS implementations support UDP.

Are you sure that your DNS client supports using SOCKS5?

The SOCKS5 server supports UDP, but the issue is that on the internal network, a device that obtains its IP address from the DHCP server (and is treated as the source) has its DNS translated directly by the MikroTik. As a result, no packets other than TCP are sent from socksify to the SOCKS server.

I'm not sure that I understand how your DNS topology is set.

I guess that you have a DNS server set in the DHCP settings. Where does DNS point to? The router? Either way, the usual DNS resolvers (the ones built into most OSes) won't try to use SOCKS to connect to upstream DNS resolvers. If you installed a 3rd party SOCKS server which can (transparently?) relay DNS queries via SOCKS, then you have to set that device's IP address as the DNS server in the DHCP settings.

If you expect ROS's own SOCKS server to act as a DNS relay ... then I'm afraid that the ROS socksify server doesn't support UDP ... the official online doc doesn't mention UDP, the examples don't mention it ... and in the ROS world, what's not explicitly mentioned most likely doesn't exist.

@soheilsh did you set a socksify NAT rule in the firewall for UDP port 53?

/ip firewall nat add action=socksify chain=dstnat dst-port=53 protocol=udp socksify-service=<SOCKSIFY_SERVICE> src-address=<CLIENT_IP>

In the MT Socksify help there is no mention of UDP support or the lack of it; the example covers only HTTP(S) TCP port connections. If you have the same NAT rules as in the help, then UDP port 53 connections for DNS are not socksified because there is no NAT rule for them.

Prerequisites:

  1. The SOCKS server must be a 3rd party SOCKS5 server; if socksify is configured to some ROS SOCKS server on another device it will not work, because the ROS SOCKS server is SOCKS4 (TCP only).
  2. ROS must support UDP port connections with socksify NAT (you can check that with the above mentioned NAT rule).
  3. The 3rd party SOCKS5 server must be able to establish a connection to the DNS IP and UDP port 53 used by the clients (depending on what is set in the client OS or client application). E.g. if a client uses some local network DNS provided by DHCP, like 192.168.88.1, and socksify is configured over some external SOCKS server, then it will not work; the DNS IP on the clients must be set to one which the SOCKS server can connect to, in which case a public DNS IP can be set on the clients, like 1.1.1.1, 8.8.8.8, …

Note: Some services like TOR, V2/Xray… which also provide a SOCKS5 proxy will not be able to connect to a local network DNS IP, even if the service is hosted on the local network and the local DNS is accessible from the OS where it is running, because such services perform tunneled connections over the network they provide, not over the network where the service is hosted. In such a case a public DNS is also required to be set on the clients, unless there is a possibility in the service configuration to set a certain IP (the DNS IP) for which connections are established locally and not over the service network; e.g. V2/Xray has a routing configuration where such a rule can be created.
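
A quick way to test prerequisites 2 and 3 from the outside is to speak SOCKS5 UDP ASSOCIATE (RFC 1928) to the server yourself and push a plain DNS query through it. The following Python client is an added example written for this thread; it is not code from the original posts, from MikroTik or from any SOCKS project. It assumes a hypothetical SOCKS5 server at 192.168.88.10:1080 with no authentication, and uses 1.1.1.1 as the public resolver mentioned above. A TCP-only server will answer the UDP ASSOCIATE request with REP=0x07 (command not supported), which is exactly the failure the thread is chasing; a server that does UDP but cannot reach the DNS IP simply times out.

```python
"""SOCKS5 UDP ASSOCIATE (RFC 1928) client that relays one DNS query
through a SOCKS5 proxy, to check whether the proxy supports UDP at all
and whether it can reach the chosen DNS server."""
import socket
import struct


def build_dns_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS A/IN query with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(resp: bytes, qid: int):
    """Return the IPv4 addresses found in the answer section of a response."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("DNS RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs


# Constructed sample response (not captured traffic): example.com -> 192.0.2.1,
# answer name given as a compression pointer to offset 12, as real resolvers do.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
)


def socks5_udp_header(dst_ip: str, dst_port: int) -> bytes:
    """RFC 1928 section 7 UDP request header: RSV(2) FRAG(1) ATYP=IPv4 DST.ADDR DST.PORT."""
    return b"\x00\x00\x00\x01" + socket.inet_aton(dst_ip) + struct.pack("!H", dst_port)


def split_socks5_udp(datagram: bytes):
    """Split a relayed datagram into (src_ip, src_port, payload); IPv4, unfragmented only."""
    if datagram[:3] != b"\x00\x00\x00" or datagram[3] != 0x01:
        raise ValueError("unsupported or fragmented SOCKS5 UDP datagram")
    ip = socket.inet_ntoa(datagram[4:8])
    port = struct.unpack("!H", datagram[8:10])[0]
    return ip, port, datagram[10:]


def socks5_udp_associate(tcp: socket.socket):
    """Negotiate no-auth, send UDP ASSOCIATE, return the relay (ip, port).
    A TCP-only server replies with REP=0x07 (command not supported)."""
    tcp.sendall(b"\x05\x01\x00")
    if tcp.recv(2) != b"\x05\x00":
        raise RuntimeError("no-auth method rejected by proxy")
    tcp.sendall(b"\x05\x03\x00\x01" + b"\x00" * 6)  # CMD=3 UDP ASSOCIATE, 0.0.0.0:0
    reply = tcp.recv(10)
    if len(reply) < 10 or reply[1] != 0x00:
        rep = reply[1] if len(reply) > 1 else 0xFF
        raise RuntimeError("UDP ASSOCIATE refused, REP=0x%02x" % rep)
    if reply[3] != 0x01:
        raise RuntimeError("non-IPv4 BND.ADDR not handled here")
    return socket.inet_ntoa(reply[4:8]), struct.unpack("!H", reply[8:10])[0]


def resolve_via_socks5(proxy_ip, proxy_port, dns_ip, name, timeout=5.0):
    """Resolve `name` by sending a UDP/53 query to dns_ip through the proxy."""
    qid = 0x1234
    # The TCP control connection must stay open for the UDP association to live.
    with socket.create_connection((proxy_ip, proxy_port), timeout=timeout) as tcp:
        relay_ip, relay_port = socks5_udp_associate(tcp)
        if relay_ip == "0.0.0.0":  # some servers mean "same address as the proxy"
            relay_ip = proxy_ip
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        udp.settimeout(timeout)
        try:
            udp.sendto(socks5_udp_header(dns_ip, 53) + build_dns_query(name, qid),
                       (relay_ip, relay_port))
            data, _ = udp.recvfrom(4096)
        finally:
            udp.close()
        _, _, payload = split_socks5_udp(data)
        return parse_a_records(payload, qid)


if __name__ == "__main__":
    # Hypothetical proxy address; 1.1.1.1 is the public resolver from the thread.
    print(resolve_via_socks5("192.168.88.10", 1080, "1.1.1.1", "example.com"))
```

If this returns addresses, the server relays UDP and can reach the resolver, and what remains is getting the router to actually hand UDP/53 to socksify. If it raises "UDP ASSOCIATE refused, REP=0x07", the proxy is TCP-only and no NAT rule on the MikroTik will help.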

In the YT video summing up 7.20.x new features, it’s stated that currently only TCP is supported.


In such a case this can be done only by forcing clients to resolve using DoH or DoT DNS. For example, set up Unbound DNS on the local network, whose IP is provided by DHCP to the socksified clients (or set manually in the OS) as the DNS server, with Unbound configured to use some DoH or DoT DNS as upstream (forward-zone config). Unbound must also be socksified for TCP port 443 or 853.