If I am using SSH for a SOCKS proxy, do DNS connections go through it?


Solution 1

I know the answer is a bit late, but for reference and for those who are still looking for the answer:

Set the network.proxy.socks_remote_dns property in the Firefox config (type about:config in the address bar) to TRUE (just double-click the property to toggle the value) to enable DNS lookups over your local/remote SOCKS5 proxy.

PS: I'm not sure about other browsers :(

Solution 2

If it's a SOCKS 5 proxy, and the client program supports it, DNS will go through the proxy. Most browsers support DNS through a Socks 5 proxy, but may require special configuration to do it.

If your goal is privacy on the web, you really should use something like privoxy. Privoxy will cleanse the headers of your web requests and ensures all traffic, including DNS, goes through the Socks 5 proxy. Run privoxy locally, and you can use ssh to tunnel the Socks 5 traffic.

Solution 3

You can't do that out of the box since the SSH tunnel is for TCP/IP connections only - UDP traffic won't be able to cross that tunnel without a special setup. Basically you need to create a fifo to do some trickery with netcat as described here. You can use Google's DNS from the far-end box then.

Solution 4

It depends on your application. Firefox, for example, sends the hostname to the SOCKS proxy without resolving it. In this case, you do not have to do anything for privacy. You can confirm that with Wireshark.

PS: This assumes you are using a SOCKS5 proxy. SOCKS4 does not support hostnames.

Solution 5

As mentioned over there, your system wide lookups are not tunnelled.

If you want an SSH based solution, you can get inspiration from here or use SSHuttle (e.g. mentioned here). There is a patch to forward DNS queries easily.

YMMV, but I have had success with the following:

#!/bin/bash
# Collect the DNS servers NetworkManager is currently using and join them with commas.
# Join trick taken from http://stackoverflow.com/questions/4594319/shell-replace-cr-lf-by-comma
DNSSERVERS=$(nmcli d show | grep DNS | awk '{print $2}' | sed -e 'H;${x;s/\n/,/g;s/^,//;p;};d')
# Tunnel only DNS: --dns-hosts captures queries sent to those resolvers, and the
# dummy /32 subnet means no other traffic is routed through sshuttle.
sshuttle \
    -vvv \
    --dns-hosts "${DNSSERVERS}" \
    -r server \
    254.254.254.254/32

Author: Jason Marzst

Updated on September 18, 2022

Comments

  • Jason Marzst, over 1 year ago:

    I am using ssh -D 8080 my server to create a SOCKS proxy. I'm then configuring OS X to use localhost:8080 as a SOCKS proxy. I'm using this to access the internet without being monitored.

    I'm using Google's DNS servers (8.8.8.8), but how do I make sure that DNS queries are going through the SSH tunnel?

    • machineaddict, almost 8 years ago:
      "without being monitored" is an illusion
  • jwd, almost 7 years ago:
    For those who prefer the UI, this is in Preferences → Advanced → Network tab → Settings button (for "Connections") → "Proxy DNS when using SOCKS v5".
  • Eugene D. Gubenkov, over 5 years ago:
    I've noticed that DNS does NOT go via the proxy for HTTP, but it does work for HTTPS. How can this be the case? Is this as designed? (I'm using Firefox)
  • pavon, over 2 years ago:
    Many clients can be configured to do DNS lookup either locally, or through the proxy. One common (but not universal) convention for unix applications is that "https_proxy=socks5h://localhost:8080" means to send the hostname over the proxy and perform DNS lookup remotely, while "https_proxy=socks5://localhost:8080" performs DNS lookup locally.