Community discussions

MikroTik App
  4. RouterOS
  5. General

socks5 proxy dns problem - ROS 7.7

Post Reply
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

socks5 proxy dns problem - ROS 7.7

Sun Jan 15, 2023 10:29 am

Hi,

I use the socks5 proxy on mikrotik with remote dns resolving.
This works fine for resolving hostnames (google.de for example) but for inputs like 123.123.123.123 it does not work.
Normally for such URL the socks5 proxy needs not to resolv the IP address but it looks like that this will be tried.
The website will not be opened.
socks_dns.png
In the DNS cache log there I can see a NEGATIVE entry.
If I switch to socks4, then it works but then google.de does not work any longer because socks4 does not support remote dns resolving.

If I add the IP address to the static table, then it also works.

socks5 proxy should only resolve valid domains and not a IP address. ;-)
Maybe this could be fixed in ROS 7.7.

Thanks, a lot.
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2877
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: socks5 proxy dns problem - ROS 7.7

Sun Jan 15, 2023 11:38 am

https://stackoverflow.com/questions/330 ... n-browsers
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: socks5 proxy dns problem - ROS 7.7

Sun Jan 15, 2023 11:22 pm

What do you want to say with this?
Locally resolving of domains with third party tool?

This is not necessary. Other socks proxies do the same like mikrotik socks - remote resolving works fine for vaid domains (for example google.com).
If I want to open an webserver on for example 123.123.123.123, no resolving is necessary by the socks 5 proxy. But mikrotik tries to resolve 123.123.123.123 as domain instead of connecting directly to this IP address.
Top
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2877
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: socks5 proxy dns problem - ROS 7.7

Mon Jan 16, 2023 8:34 am

Maybe this could help resolving problem ... I know that it's an old post but ... who knows?
It depends on your browser. Firefox, for example, sends hostname to SOCKS proxy without resolving it. You can confirm that by Wireshark.

PS. assume you are using a SOCKS5/4a proxy. SOCKS4 does not support hostname. Ref: https://en.wikipedia.org/wiki/SOCKS#SOCKS4a
There are 3 possible options:

Software still uses system DNS for host name resolution and commands the Socks server to connect to an IP. This might be default mode or the only supported mode for cases where Socks is implemented lazily.

Software commands the Socks server to connect to hostname. This mode might need to be configured additionally; Firefox and old Opera have special flags to enable this mode.

Software manually performs DNS lookup with UDP-over-Socks and commands the Socks server to connect to an IP. The most crazy mode and it requires a software to know a DNS address but in theory it is possible.
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: socks5 proxy dns problem - ROS 7.7

Mon Jan 16, 2023 12:44 pm

Ok yes, I could resolve it by resolving the hostnames locally or with other tools but RFC shows that remote resolving through the proxy also should work.

With the socks proxy "srelay" for example it works fine.
Top
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2877
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: socks5 proxy dns problem - ROS 7.7

Mon Jan 16, 2023 2:45 pm

Free thoughts

How to distinguish that 127.127.127.127 is an IP address not the domain?
If 127.127.127. is send to DNS resolver then it asks upper level servers for an answer and receives empty answer.
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: socks5 proxy dns problem - ROS 7.7

Mon Jan 16, 2023 7:04 pm

Ok, but this could be filtered with a regex.
Other socks proxies also do this.

The nslookup command also does this - nslookup google.de delivers the IP address, nslookup 127.127.127.127 delivers the hostname.
Top
 
Wublide
newbie
Posts: 30
Joined: Sun Feb 18, 2018 11:00 pm

Re: socks5 proxy dns problem - ROS 7.7

Mon Feb 27, 2023 4:56 pm

Ok, but this could be filtered with a regex.
Other socks proxies also do this.

The nslookup command also does this - nslookup google.de delivers the IP address, nslookup 127.127.127.127 delivers the hostname.
I completely agree, this needs to be sorted out without any user workaround
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: socks5 proxy dns problem - ROS 7.7

Wed Jan 24, 2024 7:27 pm

Any updates for this issue?

I tried it on ROS 7.13.2 - same problem. :-(
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Re: socks5 proxy dns problem - ROS 7.7

Wed Mar 20, 2024 3:35 pm

Thank you very much for the report, IP address handling will be fixed at 7.15 for socks5.
Top
Post Reply

Who is online

Users browsing this forum: Extrems, infabo and 59 guests
  4. RouterOS
  5. General