Closed DUOLabs333 closed 3 years ago
that functionality is not built in. you could run microsocks through proxychains-ng though and configure it for proxydns_old mode, then modify the proxyresolv script to query the nameserver of your choice. alternatively you can modify the code of microsocks to run a custom DNS resolver function instead of getaddrinfo(), for example using https://github.com/rofl0r/firedns . though you'd need to piece it together yourself.
Is there a way to force it to use the client's DNS?
depends on whether the client application using the proxy has a setting to force DNS being looked up before making the proxy connection. it could then send raw ipv4/ipv6 instead of host name to the server. though i think finding such an option is unlikely as it's less efficient and the opposite of what most people want.
Depending on what you're trying to achieve, you could run microsocks in a namespace to allow setting a different DNS server?
How would that work?
Good question .. you could create a whole new network namespace but that's probably overkill. Maybe something like this? (run as root)
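```bash
# Write a helper script that bind-mounts a replacement resolv.conf.
cat >test-ns <<EOM
#! /bin/bash
echo "nameserver 1.2.3.4" >/tmp/new-resolv.conf
mount /tmp/new-resolv.conf /etc/resolv.conf -o bind
cat /etc/resolv.conf
EOM
chmod a+x ./test-ns
cat /etc/resolv.conf        # host view before
unshare -m ./test-ns        # run the script in its own mount namespace
cat /etc/resolv.conf        # host view afterwards: unchanged
```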
You should notice that 'test-ns' sees its own version of resolv.conf compared to the main system .. obviously you can then just change the script to start microsocks. If using systemd you can probably configure the unit file directly somehow.
Note that if you're using systemd-resolved's nss-resolve the above might well not work .. you might need to bind mount over /etc/nsswitch.conf as well to disable it.
Hmm, looks like cwrap can redirect resolv.conf as well: https://cwrap.org/resolv_wrapper.html
I just gave up and changed the DNS on the server. Also, when testing it, it works fine on a computer -- but with SagerNet on Android, the latency is >1000 ms (Shadowsocks is <150 ms).
> the latency is >1000 ms
the socks5 protocol is kinda inefficient, it requires several packets sent back and forth to establish a connection. that's the reason why tor defaults to using socks4a instead. i've implemented a socks4a server here: https://github.com/rofl0r/pysocks4 . it will likely work better in regard to latency. http proxies also do not have this issue, as all the required information to establish a connection is included in the first packet. tinyproxy is a good and reasonably lightweight option for http proxying.
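Added example, not code from microsocks, pysocks4 or any poster in this thread: it builds the SOCKS5 and SOCKS4a CONNECT requests to show the two points made above, namely that the address type the client sends decides whether the client's or the server's resolver does the DNS lookup, and that SOCKS5 needs one more client message than SOCKS4a before data can flow. The function names and the sample targets are constructed for illustration; the SOCKS5 case assumes no authentication.

```python
import ipaddress
import struct

def socks5_request(host, port):
    """SOCKS5 CONNECT (RFC 1928). ATYP 1/4 carries an IP the client already
    resolved; ATYP 3 carries the name, so the proxy's resolver looks it up."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:
        name = host.encode("idna")
        atyp, addr = 3, bytes([len(name)]) + name
    return b"\x05\x01\x00" + bytes([atyp]) + addr + struct.pack(">H", port)

def socks4a_request(host, port, userid=b""):
    """SOCKS4a CONNECT. A name is flagged by the invalid IP 0.0.0.1 and
    appended after the NUL-terminated user id."""
    head = b"\x04\x01" + struct.pack(">H", port)
    try:
        return head + ipaddress.IPv4Address(host).packed + userid + b"\x00"
    except ValueError:
        return (head + b"\x00\x00\x00\x01" + userid + b"\x00"
                + host.encode("idna") + b"\x00")

def who_resolves(request):
    """Proxy-side view: which end did the DNS lookup for this request?"""
    if request[0] == 5:
        return "server" if request[3] == 3 else "client"
    if request[0] == 4:
        ip = request[4:8]
        return "server" if ip[:3] == b"\x00\x00\x00" and ip[3] != 0 else "client"
    raise ValueError("not a SOCKS4/SOCKS5 request")

def client_messages(version, host, port):
    """Messages the client sends before payload; each waits for a server reply."""
    if version == 5:
        greeting = b"\x05\x01\x00"  # version 5, one method offered: no auth
        return [greeting, socks5_request(host, port)]
    return [socks4a_request(host, port)]

if __name__ == "__main__":
    # Constructed sample targets, not taken from the thread.
    for target in ("example.com", "192.0.2.10"):
        for version in (5, 4):
            msgs = client_messages(version, target, 443)
            print(version, target, len(msgs), "round trip(s), DNS by",
                  who_resolves(msgs[-1]))
```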
Can pysocks4 be used with python3, or will some things need to change?
> Can pysocks4 be used with python3, or will some things need to change?
it will likely need changes, as py3 made the unfortunate decision to treat all string literals as unicode rather than bytes. but you might just try it out.
I just tried pproxy, apparently MacOS can't handle socks4
And it seems like I was mistaken -- microsocks is pretty fast, maybe it was a one-off bad connection. For my purposes, http proxies aren't enough.
Another problem I found -- while dig, ping, etc does reflect DNS blocks correctly, browsers do not use the system DNS, but use their own. This is on MacOS.
> browsers do not use the system DNS
firefox has a checkbox "use proxy to perform DNS queries (socks5 only)" which can influence this behaviour. if unchecked, it does what you want, namely use the client's nameserver rather than socks server's.
This is on Chrome
On Wed, Nov 10, 2021, 3:53 PM rofl0r @.***> wrote:
> browsers do not use the system DNS
>
> firefox has a checkbox "use proxy to perform DNS queries (socks5 only)" which can influence this behaviour. if unchecked, it does what you want, namely use the client's nameserver rather than socks server's.
I have a feeling Chrome passes some stuff to the proxy and looks other stuff up (e.g. prefetches) itself, annoyingly. I remember having to do battle with that when I was trying to force everything through the proxy. Try googling around the "--host-resolver-rules" option to Chrome..
btw, i just added support for py3 to pysocks4.
Yeah, apparently, MacOS doesn't have SOCKS4 support.
For anyone who has come across this, here is an example proxychains.conf that uses the proxy_dns_old directive:
```
proxy_dns_old
localnet 0.0.0.0/0.0.0.0
[ProxyList]
<proto> <ip> <port>
```
DNS requests will be resolved by invoking the proxyresolv script on your system $PATH. You can choose the IP address of the DNS server by editing that file.
Is it possible that I can set it up so that hostnames are resolved by a custom DNS, not the server's DNS?