Request: Add an option to let the parent proxy resolve hostnames if it can.

[phantomcraft]

If the parent socks5/http proxy has builtin DNS resolution, instead of sending an external resolver like 8.8.8.8, why not just send the host name (such as github.com) to the proxy and ask it for resolve and return the IP?

Curl has this feature: https://curl.haxx.se/libcurl/c/CURLOPT_SOCKS_PROXY.html

Useful for use with Tor.

• Sorry for my bad English.

[nadoo]

Hi @phantomcraft , glider uses remote dns as you said when there's a upstream proxy server specified, you can check it with capture tools like tcpdump or wireshark.

[phantomcraft]

What I mean is to use the DNS server of the upstream proxy (send all DNS requests with hostnames over SOCKS5 tunnel and let the upstream proxy resolves).

If the upstream proxy has builtin DNS resolution using its own network ISP: server address mydynamicadress.com port 1234 and DNS resolutor anything except the Glider builtin 8.8.8.8:53

and I use:

glider -dns=:53 -listen redir://10.100.1.1:1234 -forward socks5://mydynamicadress.com:1234

Glider continue to use the Google's 8.8.8.8:53.

I couldn't found any program that does that.

[nadoo]

In your condition, glider will use 8.8.8.8:53 as remote dns server, but all dns requests will be sent in tcp via the upstream socks5 server mydynamicadress.com:1234, then the resolved ip will be close to your socks5 server, this is expected.

• If glider listens as a normal proxy sever like http/socks/ss, e.g.: glider -verbose -listen socks5://:8443 -forward socks5://mydynamicadress.com:1234

  Imaging that you set your browser's proxy to socks5://gliderIP:8443, and when you visit a website like https://www.google.com, the browser will send a request for destination www.google.com:443 to glider, and glider will directly send the destination www.google.com:443 to the upstream socks5 server mydynamicadress.com:1234, so www.google.com will be resolved remotely.

• If glider listens as a redir proxy, then maybe you are runing glider on your linux gateway as a transparent proxy server, and there's no need to do any settings in your browser. In this condition, when you visit https://www.google.com, your os will request a domain resolving first, and then send a tcp connection to the resolvedip:443. In the domain resolving step, a name server must be specified to ask for resolving, that was limited by the proxy protocols, because they are not designed for domain resolving.

[phantomcraft]

@nadoo

That is what I mean, pass the hostname to -dns=:53 but instead of resolving with 8.8.8.8:53, pass the DNS request to let upstream proxy resolve as a browser does and return the request to dns port.

This allows browsing .onion and .i2p sites with a transparent proxy like a browser with a socks5 proxy enabled.

Instead of: glider -dns=:53 -dnsserver=8.8.8.8:53 could be: glider -dns=:53 -dnsserver=remote:53

Actually, there is no way to use I2P as a transparent proxy, this idea can make it work.

[xlighting2017]

what you are asking, is glider can somehow:

1. grab/intercept certain DNS resolve request(UDP/53);
2. convert to some "SOCKS5/HTTP/upstream proxy request" (which I don't know if there is any, TCP?UDP?PORT?);
3. process the "return" of the above request;
4. and convert it back to DNS resolve reply(UDP/53);

despite the "if there is any", you need to design a "convert protocol" first :)

[phantomcraft]

@xlighting2017

If Glider can grab a DNS request from a browser configured to use its listening socks5/http port, send directly to the upstream proxy to resolve and return the IP, it could do the same grabbing a DNS request from -dns=:53

I think it's easy to implement. I2P has its own pseudo-TLD (.i2p) accessible only through browsers (if they support a HTTP(S) proxy).

The same suggestion was made before: https://github.com/nadoo/glider/issues/33

[xlighting2017]

@xlighting2017

If Glider can grab a DNS request from a browser configured to use its listening socks5/http port, send directly to the upstream proxy to resolve and return the IP, it could do the same grabbing a DNS request from -dns=:53

I think it's easy to implement. I2P has its own pseudo-TLD (.i2p) accessible only through browsers (if they support a HTTP(S) proxy).

The same suggestion was made before: #33

you should try to do some TCP dump/wireshark on both browser and SOCKS5/HTTP proxy to understand

1. what happens when a browser is using SOCKS5 proxy accessing "google.com", on browser PC and Proxy server;
2. what happens when a browser is using HTTP proxy, on browser PC and Proxy server;

"DNS request" and "proxy request" are completely different, and there is NO "send DNS request to proxy to resolve and return the IP" -- that is why I'm asking for a "convert protocol"

[nadoo]

What @xlighting2017 said is right, the remote proxy server resolves domain and returns the content of destination to proxy client, but it can not return the resolve results, the proxy protocol socks5/http/ss/... doesn't support it.