TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Feature request: Optionally disable proxy for forwarder #707

Closed zumoshi closed 8 months ago

zumoshi commented 10 months ago

Edit: This request is for a way to bypass global proxy settings for a single conditional forwarder without affecting other connections to the dns server used in it (e.g. from other forwarders). I had originally missed the existing feature for overwriting proxy settings by replacing another proxy and amended the request in comments.


Currently the proxy set in Settings->Proxy and Forwarders gets used for all outbound requests. It would be nice to be able to set this on a more granular level, e.g. per forwarder.

Example use cases:

My exact use case is that I use an unsupported proxy protocol and pass the DNS server through it to escape DNS poisoning practices used to enforce censorship, since all the protocols natively supported by Technitium are blocked/inspected. The proxy client runs locally and exposes a SOCKS5 proxy server endpoint which passes any traffic to the original proxy server using its more sophisticated protocol with encryption and obfuscation.

However, it needs to resolve a single DNS request before it can be bootstrapped. Currently I just have to manually toggle the proxy on and off every time I reboot the system to get it started. It would be nice if I could add an exception using a conditional forwarder zone to just use my ISP's DNS server, since the domain name used by the proxy is not blocked/poisoned, and have everything else go through the proxy normally.


Note that this is not the same as the "Proxy Bypass List" option in the settings, since that makes all connections to e.g. 8.8.8.8 not use the proxy, as opposed to a specific domain (from a forwarder zone) connecting directly while the rest use the proxy, or being able to use multiple proxies at the same time for different zones.

ShreyasZare commented 10 months ago

Thanks for the post. I have not clearly understood the exact request. There is a proxy config option for conditional forwarders:


zumoshi commented 10 months ago

@ShreyasZare I did not notice the scrollbar on that screen... I'm blind. Apologies for the invalid request. Although now that I look at it, the no proxy option doesn't seem to override the global proxy, as in it still uses the proxy set globally when left on default.

Repro:

  1. Set an invalid proxy in global settings
  2. Add a conditional forwarder zone for example.org using "No Proxy (default)" and 8.8.8.8
  3. Try to resolve it: drill example.org @127.0.0.1

I get this:

[
  {
    "name": "example.org",
    "type": "A",
    "ttl": "8 (8 sec)",
    "rData": {
      "dataType": "DnsSpecialCacheRecordData",
      "data": "FailureCache: ServerFailure; NetworkError: Socket error for example.org. A IN: ConnectionRefused"
    },
    "dnssecStatus": "Unknown",
    "lastUsedOn": "2023-08-21T14:48:07.7655055Z"
  }
]

But if I disable the global proxy it works. I want a way to set the proxy to None from this screen even if there is a proxy set globally, i.e. change the default to "inherit global settings" and make "no proxy" actually be no proxy even if there is one set globally.
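A small probe script, added here as an example (not part of Technitium or of this thread), that automates the check in the repro above: it sends an A query to the local server and reports whether the forwarder zone answered (the forwarder bypassed the proxy) or returned SERVFAIL (it still went through the unreachable global proxy). It assumes the server listens on 127.0.0.1:53 and that example.org is the conditional forwarder zone; the second domain is a constructed control outside that zone.

```python
import socket
import struct

# RCODE 2 = SERVFAIL, which is what the thread shows when the forwarder
# still tries to reach 8.8.8.8 through the dead global proxy.
SERVFAIL = 2


def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query with the RD bit set (no dependencies)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data, qid=0x1234):
    """Return (rcode, answer_count) from a DNS reply; reject a mismatched id."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    return flags & 0x000F, ancount


def classify(rcode, ancount):
    """Map the reply to the two outcomes the repro distinguishes."""
    if rcode == SERVFAIL:
        return "SERVFAIL (forwarder went through the unreachable global proxy)"
    if rcode == 0 and ancount > 0:
        return "resolved (forwarder bypassed the proxy)"
    return f"rcode={rcode}, answers={ancount}"


def probe(resolver, name, timeout=3.0):
    """Query `name` at `resolver` over UDP/53 and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return classify(*parse_reply(data))


if __name__ == "__main__":
    # Constructed pair: the forwarder-zone domain and a control outside it.
    # With a bogus global proxy, only the bypassing zone should resolve.
    for domain in ("example.org", "example.com"):
        print(domain, "->", probe("127.0.0.1", domain))
```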

ShreyasZare commented 10 months ago

I did not notice the scrollbar on that screen... I'm blind. apologies for the invalid request.

That happens sometimes :)

The global proxy settings apply to every outbound call by design even when no proxy is set in conditional forwarders.

In your example, if you do not want to use the proxy for the conditional forwarder for "8.8.8.8" then adding "8.8.8.8" in the proxy bypass list will exclude it and the conditional forwarder will bypass the global proxy.

zumoshi commented 10 months ago

if you do not want to use the proxy for the conditional forwarder for "8.8.8.8" then adding "8.8.8.8" in the proxy bypass list will exclude it and the conditional forwarder will bypass the global proxy.

But I do want to use the proxy for it usually, except for one domain (the proxy server's domain, which needs to resolve before the proxy client can become usable).

i.e. domain X from one forwarder zone needs to work without a proxy, but connections outside that zone to the same DNS server should use the proxy.

I'm working around this now by using a different DNS server for the exception domain and adding it as an exception, but there is no reason to use a different nameserver for that domain. I still think the default option should be renamed from "no proxy", which is misleading IMHO, to "inherit global config", and an additional option added for no proxy which actually doesn't use a proxy regardless of whether there is one set globally or not.

ShreyasZare commented 10 months ago

Thanks for the feedback. Agreed, the "no proxy" option in the conditional forwarder is misleading. Your scenario also does not work with the proxy bypass list, so the only solution is to add another option for the conditional forwarder and rename the current one.

Will get this option added in the next update. If the proxy server's IP is static then do consider using it directly to avoid this issue till then.

ShreyasZare commented 8 months ago

Technitium DNS Server v11.5.2 is now available, which adds an option to bypass the default proxy. Do update and let me know your feedback.

zumoshi commented 8 months ago

@ShreyasZare Just updated. Tested by setting an inaccessible proxy in global settings, then creating a forwarder zone with the new option, and using drill to resolve it via the local DNS server.

Works as expected. Thank you.

ShreyasZare commented 8 months ago

Thanks for letting me know.