notpeter / dante

Dante SOCKS Proxy - Server and Client for UNIX

DNS resolution issue #1

Status: Closed (mayurfk closed this 6 years ago)

mayurfk commented 6 years ago

I am trying to build a SOCKS solution for a forward proxy. I am using the Dante SOCKS proxy, as I have heard that big companies like Google use it as their forward proxy solution.

On the SOCKS server, I am allowing based on FQDNs, like google.com port 443.

Now the problem is, when the client constructs the packet, it tries to resolve google.com, gets X.X.X.X (when udp/tcp is used as the resolveprotocol), and sends a connect request to the SOCKS server. When the server receives the packet and tries to reconstruct it to send out to the internet, the server does the DNS resolution again, and if the server gets Y.Y.Y.Y as the response, it does not allow the client's request, because the destination IP in the client's request is different than the server's resolved IP address.

There is a solution in the Dante client which tells the client to put a dummy destination address (when "fake" is used as the resolveprotocol) and send the request to the server, and the server then processes it properly. However, that creates a problem with internal domains, since after using the "fake" DNS resolution method, every request goes through the Dante server :(

Please let me know:

  1. If there is any solution that would help me maintain a DNS record expiry DC-wide, e.g. google.com resolves to X.X.X.X and I should be able to resolve to this same IP address on hundreds of DNS clients, and in case the record changes, it should immediately change/expire on the client.

  2. A way to whitelist FQDNs when "fake" is used as the resolveprotocol, so that not every request goes via the SOCKS server.

  3. Any other proxy/SOCKS solution which is transparent to applications for a forward proxy.
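To make the mismatch described in this issue concrete, here is an added example (not code from Dante or from the issue author) that encodes a SOCKS5 CONNECT request (RFC 1928) in the two forms a client can send: an IPv4 literal the client resolved itself (ATYP 0x01), and the hostname passed through unresolved (ATYP 0x03), which is how this example models the "fake" resolveprotocol behaviour the issue describes. The DNS answers (203.0.113.10 for the client, 203.0.113.20 for the server) are constructed values standing in for X.X.X.X and Y.Y.Y.Y, and `server_allows` is a deliberately simplified model of an FQDN-based server rule, not Dante's actual rule evaluation. When the request carries only an IP, the server has no name to match and can only compare against its own resolution, so the two differing answers lead to a denial; when the request carries the name, the server resolves it itself and the rule matches.

```python
import socket
import struct

# SOCKS5 (RFC 1928) CONNECT request layout:
#   VER(1)=0x05  CMD(1)=0x01  RSV(1)=0x00  ATYP(1)  DST.ADDR(var)  DST.PORT(2, network order)
SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03

# Constructed DNS views (documentation addresses): the client and the SOCKS
# server get different answers for the same name, as in the issue.
CLIENT_DNS = {"google.com": "203.0.113.10"}
SERVER_DNS = {"google.com": "203.0.113.20"}

# Server-side policy expressed as (FQDN, port), as the issue describes.
ALLOWED = {("google.com", 443)}


def build_connect_request(host, port, resolve_locally, resolver):
    """Encode a SOCKS5 CONNECT request.

    resolve_locally=True models a client that resolves the name itself and
    sends an IPv4 literal (ATYP 0x01). False models a client that passes the
    hostname through unresolved (ATYP 0x03), leaving resolution to the server.
    `resolver` is a constructed name->IP table standing in for real DNS.
    """
    if resolve_locally:
        ip = resolver[host]
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(ip)
    else:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("domain name too long for SOCKS5 (1-byte length)")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(req):
    """Decode the request as the server sees it; returns (atyp, addr, port)."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        if len(req) != 10:
            raise ValueError("malformed IPv4 request")
        addr = socket.inet_ntoa(req[4:8])
        port_off = 8
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        if len(req) != 5 + n + 2:
            raise ValueError("malformed domain-name request")
        addr = req[5:5 + n].decode("idna")
        port_off = 5 + n
    else:
        raise ValueError("unsupported ATYP %#x" % atyp)
    (port,) = struct.unpack("!H", req[port_off:port_off + 2])
    return atyp, addr, port


def server_allows(req, allowed=ALLOWED, server_dns=SERVER_DNS):
    """Simplified FQDN-based policy check on the server side (a model, not Dante's).

    With a hostname in the request the server matches the name directly.
    With an IP literal there is no name to match, so the server can only
    resolve each allowed FQDN through its own DNS view and compare addresses;
    a client/server resolution mismatch then results in a denial.
    """
    atyp, addr, port = parse_connect_request(req)
    if atyp == ATYP_DOMAIN:
        return (addr.lower(), port) in allowed
    for fqdn, allowed_port in allowed:
        if allowed_port == port and server_dns.get(fqdn) == addr:
            return True
    return False


def demo():
    """Return (allowed with client-resolved IP, allowed with hostname passed through)."""
    ip_req = build_connect_request("google.com", 443, True, CLIENT_DNS)
    name_req = build_connect_request("google.com", 443, False, CLIENT_DNS)
    return server_allows(ip_req), server_allows(name_req)


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The same IP-literal request is accepted if the client's resolver happened to return the server's answer (203.0.113.20), which is exactly why the behaviour looks intermittent in practice: it depends on whether the two resolvers agree at that moment.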

notpeter commented 6 years ago

Sorry, this isn't the right place to ask (this is just a mirror). Perhaps the Dante mailing list can help.

My guess is you might be able to do what you're looking for with Remote DNS. Firefox and Chrome have support.

Best of luck!