S
S
SysUtils2017-07-09 16:34:45
linux
SysUtils, 2017-07-09 16:34:45

Filtering DNS traffic through Socks5?

Good evening to everyone reading this question. A little confused, I ask for help in dedication and direction. In general, the Socks5 protocol is a proxy server for filtering traffic between the client and the server. Works with both TCP and UDP traffic. That is, when connecting to Socks5, the server to which I am accessing will see the ip address of the proxy server (TCP) and the ip DNS provider of this proxy server (UDP). It turns out that TCP and UDP traffic is filtered. Here is the first question. As a rule, Socks5 proxy servers do not support UDP traffic filtering, what should be done in this case? Does 3proxy support this function? (maybe some special settings are needed?). Is it possible to somehow get the DNS provider's ip via Socks5 if it does not support UDP proxification?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladimir Dubrovin, 2017-07-10
@z3apa3a

1. If you have the option to resolve names via SOCKS in the SOCKS client, then no UDP traffic goes through, just the SOCKS client sends the name to the server instead of the IPv4 / IPv6 address and the server itself resolves it. At the same time, it is possible to differentiate access by names and does not present problems.
2. If this option is not set in the SOCKS client, then DNS queries do not get into the proxy at all, most likely even when using the soxifier.
3. 3proxy can filter any traffic, incl. UDP, but this is not required to allow access by hostname
4. 3proxy supports name resolution over TCP (DNS servers support not only UDP but also TCP). Incl. it is not difficult to send DNS requests (namely, full-fledged DNS requests) through the parent proxy over TCP. It doesn't make much sense to let them over UDP through the parent proxy, because the control connection to the proxy is still established via TCP.
5. 3proxy has a DNS proxy service (dnspr) that allows you to allow/block DNS requests by domains. You can run DNS through this service and make sure that these requests never reach the provider.
Which of these you need or do not need, I can’t imagine, because. instead of describing the task, you described your ideas, which are not correct and your question comes from a bunch of incorrect premises and the problem is not clear from it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question