How does SOCK 5 proxy-ing of DNS work in browsers?

Question

Browsers can proxy DNS requests through SOCKS 5. What I don't understand is how the process works.

Correct me if I'm wrong. In normal DNS operation, a program does DNS resolution through its operating system, which in turn is configured to access a specific DNS server(s) and make queries there. So, in normal operation a browser should not do DNS queries over the network by himself.

Now, with a SOCKS proxy, the browser needs to do his own queries. How that the browser knows which DNS server will exist at the other end of the proxy tunnel?

dsign · Answer 1 · 2017-11-27T15:36:35.567

33

The browser doesn't do his own DNS lookups then. I don't know if there are actual situations in which a browser will speak DNS to a DNS server. But with SOCKS5 proxy configured the browser simply asks to the SOCKS5 to connect to hosts using the host name of the host instead of its IP address. It's up to the SOCKS5 proxy then to do the lookup.

I know this because I maintain a SOCKS5 implementation.

edited Nov 27 '17 at 15:36

answered Dec 05 '15 at 08:56

dsign

12,340
6
59
82

score 6 · Answer 2 · answered Jul 04 '19 at 10:21

It depends on your browser. Firefox, for example, sends hostname to SOCKS proxy without resolving it. You can confirm that by Wireshark.

PS. assume you are using a SOCKS5/4a proxy. SOCKS4 does not support hostname. Ref: https://en.wikipedia.org/wiki/SOCKS#SOCKS4a

score 0 · Answer 3 · edited May 23 '17 at 12:04

0

If not using firefox about:config to change dns settings, reconfigure windows Adapter Interface and set

DNS2SOCKS.exe /la:socks.log 127.0.0.1:1080 8.8.8.8:53 127.0.0.1:53

These are default settings for google dns

see DNS through socks proxy. How do I change windows settings for domain resolution.

edited May 23 '17 at 12:04

Community

1
1

answered Jan 18 '16 at 03:20

user5803375

1

score 0 · Answer 4 · answered Nov 27 '17 at 15:15

There are 3 possible options:

Software still uses system DNS for host name resolution and commands the Socks server to connect to an IP. This might be default mode or the only supported mode for cases where Socks is implemented lazily.
Software commands the Socks server to connect to hostname. This mode might need to be configured additionally; Firefox and old Opera have special flags to enable this mode.
Software manually performs DNS lookup with UDP-over-Socks and commands the Socks server to connect to an IP. The most crazy mode and it requires a software to know a DNS address but in theory it is possible.

score 0 · Answer 5 · answered May 27 '20 at 03:14

0

proxy target address can be ipAddress or DOMAINNAME. Browsers use DOMAINNAME .

answered May 27 '20 at 03:14

QiuChen

36
2

How does SOCK 5 proxy-ing of DNS work in browsers?

5 Answers5