mIRC Home    About    Download    Register    News    Help

Print Thread
DNS not sent through SOCKS5 proxy #233859 20/09/11 02:17 PM
Joined: Sep 2011
Posts: 9
T
theresa33 Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
T
Joined: Sep 2011
Posts: 9
Hello,

The scenario:

1) mIRC 7.19 on Windows 7 x64 SP1.

2) Clean installation of mIRC, not an update.

3) Go to Tools -> Options -> Connect -> Proxy

4) Set up the following:

Code:
Connection: Both
Protocol: Socks5
Hostname: 127.0.0.1
Port: 8080


5) Start Wireshark https://www.wireshark.org/

6) Set mIRC to connect to a any IRC server you want.

7) The connection works fine.

8) However, when "On connect, always get: Host name" is enabled, the DNS request for that does not go through the SOCKS5 proxy, as seen in Wireshark.

Why I am doing this:

1) I live in Jordan and in order to get to the internet, I need a SOCKS5 proxy given to me by my ISP.

2) Everything that does not go through the SOCKS5 proxy fails.

3) When mIRC DNS requests for the Host name fails, some mIRC functionality breaks and I cannot use it properly.

I have confirmed this issue with 1 other person on a differently setup computer.

What I am asking for:

1) Can anyone else confirm that the DNS requests for "On connect, always get: Host name" are NOT going through SOCKS5 proxy?

2) If this bug is confirmed, can it be fixed in the next version of mIRC?

Thank you all.
Theresa

Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233864 20/09/11 10:18 PM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
This is an old and known issue for proxying. It's known as "DNS leak". mIRC does not support tunneling DNS requests through SOCKS proxies (or any proxies that I'm aware of). This wouldn't be a "bug", since the lack of support is by design (I vaguely recall a discussion about this in a forum thread, but I could be wrong). The option would have to be explicitly supported through a separate configuration (checkbox), since not all SOCKS proxies even support tunneling DNS requests, and not all users want their DNS requests tunneled.

You can make a feature request to add this support to mIRC, but it is not *supposed* to work in 7.19.

A workaround would be to DNS hosts prior to using the socks proxy in mIRC.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: DNS not sent through SOCKS5 proxy [Re: argv0] #233867 21/09/11 09:34 AM
Joined: Sep 2011
Posts: 9
T
theresa33 Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
T
Joined: Sep 2011
Posts: 9
Thank you for the clarification. I will post a feature suggestion then.

I know my SOCKS proxy supports remote DNS requests because I have to use this setting in Firefox network.proxy.socks_remote_dns = true

Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233868 21/09/11 09:51 AM
Joined: Dec 2002
Posts: 339
D
drum Offline
Fjord artisan
Offline
Fjord artisan
D
Joined: Dec 2002
Posts: 339
Since this is not currently possible in mIRC alone, you may want to consider using a program like ProxyCap to encapsulate all mIRC traffic through a SOCKS proxy. ProxyCap allows you to force DNS resolution to go through the proxy. In this setup, you would disable your SOCKS proxy settings from within mIRC so that mIRC thinks it is making direct connections. Then you run the ProxyCap program which will redirect the traffic to and from mIRC through the proxy server of your choice.

Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233869 21/09/11 11:17 AM
Joined: Dec 2002
Posts: 4,521
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,521
Quote:
However, when "On connect, always get: Host name" is enabled, the DNS request for that does not go through the SOCKS5 proxy, as seen in Wireshark.

The "On connect, always get" option is used to determine your own connection's address. In the case of the "normal" lookup method, it gets this locally from your own computer. In the case of the "server" lookup method, it gets this from the IRC server using a /userhost. For most users, it is better to use the "server" lookup method, which is why it is enabled by default. If the "normal" lookup method is not working for you, you should switch back to the "server" lookup method.

Re: DNS not sent through SOCKS5 proxy [Re: Khaled] #233874 21/09/11 02:46 PM
Joined: Sep 2011
Posts: 9
T
theresa33 Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
T
Joined: Sep 2011
Posts: 9
Originally Posted By: Khaled
If the "normal" lookup method is not working for you, you should switch back to the "server" lookup method.


Hello Khaled, the "normal" lookup method is unfortunately not working for me, and the "server" lookup method is not working since it cannot connect to the SOCKS proxy.

Should I still post this in the Feature Suggestions forum, or should I not bother since you already know about it? A toggle as suggested by argv0 could work. I will understand if this is not a large priority (or any at all) for you.

For now, I will try out the suggestion by drum to use ProxyCap (thank you drum).

Re: DNS not sent through SOCKS5 proxy [Re: drum] #233875 21/09/11 04:33 PM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
drum's suggestion is much better than supporting this in mIRC in your case for many reasons. Specifically, if *all* your traffic has to go through the proxy, using a single program (ProxyCap or some other similar software) is much easier than setting this proxy in every program you use. Also, some of your programs might not support proxies at all-- in which case the only way to tunnel their data over a proxy would be to use some lower level program like ProxyCap, which redirects all TCP over the proxy regardless of where it came from. This is the better long term solution for your specific situation, IMO, but that said, the feature request may still have merit for others.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: DNS not sent through SOCKS5 proxy [Re: Khaled] #233876 21/09/11 04:36 PM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Khaled,

I believe the issue here is that his /server request itself is performing the DNS to resolve the address to an IP, which is failing, because it is not being performed over the proxy. I don't think he's at the resolving his own host part yet, which would be another separate issue.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233878 21/09/11 05:18 PM
Joined: Dec 2002
Posts: 4,521
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,521
I am still not sure what the actual issue is - the "server" method retrieves your address from the IRC server using /userhost and then resolves it through your ISP's DNS server, which should return your IP address. If you are connecting through a proxy, the IRC server will return your proxy's address, which mIRC then resolves to an IP address. Are you saying that your ISP's DNS server is unable to resolve the address?

Re: DNS not sent through SOCKS5 proxy [Re: argv0] #233879 21/09/11 05:22 PM
Joined: Dec 2002
Posts: 4,521
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,521
Ah, maybe that's what I'm missing - the original report didn't mention an issue with actually connecting to the server, just that the "On connect, always get" was not resolving the local address correctly. For server connections, when connecting through a Socks5 proxy, mIRC does not resolve the address itself - it passes the named address to the proxy directly. If the user is connecting through a non-Socks5 proxy, mIRC does resolve address locally though.

Re: DNS not sent through SOCKS5 proxy [Re: Khaled] #233880 21/09/11 05:41 PM
Joined: Apr 2004
Posts: 840
Sat Offline
Hoopy frood
Offline
Hoopy frood
Joined: Apr 2004
Posts: 840
I think the bigger issue would be this:

Quote:
3) When mIRC DNS requests for the Host name fails, some mIRC functionality breaks and I cannot use it properly.

But this is fairly vague. What is "some mIRC functionality"? The only thing that I imagine could break would be DCC, but reportedly mIRC supports DCC through SOCKS5 as well.


Saturn, QuakeNet staff
Re: DNS not sent through SOCKS5 proxy [Re: Sat] #233931 25/09/11 10:19 AM
Joined: Sep 2011
Posts: 9
T
theresa33 Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
T
Joined: Sep 2011
Posts: 9
Yes, it is DCC that gets broken, since it gets the hostname wrong because the local machine hostname resolution is not performed through SOCKS.

Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233948 25/09/11 08:36 PM
Joined: Apr 2004
Posts: 840
Sat Offline
Hoopy frood
Offline
Hoopy frood
Joined: Apr 2004
Posts: 840
Originally Posted By: theresa33
Yes, it is DCC that gets broken, since it gets the hostname wrong because the local machine hostname resolution is not performed through SOCKS.

When behind SOCKS5, mIRC uses passive DCC, which does not require knowledge of its own IP address for correct operation. What makes you think it is the failure to resolve the local hostname that leads to your DCC problems?


Saturn, QuakeNet staff
Re: DNS not sent through SOCKS5 proxy [Re: theresa33] #233949 25/09/11 08:38 PM
Joined: Dec 2002
Posts: 4,521
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,521
Just to clarify: you have your "On connect, always get" set to the "server" lookup method. You then connect to an IRC server through your proxy (by specifying the named address of the proxy in the proxy dialog in mIRC). Once connected, mIRC performs a /userhost on your nickname (which is the "server" lookup method) that returns the named address of the proxy, since that is what the IRC server sees as your originating address. When mIRC performs a DNS resolution on the proxy's named address, it should return the correct IP address since mIRC has just connected to that address.

If you /userhost yourself while connected to the server through your proxy, what does the server return as a reply?