mIRC Home    About    Download    Register    News    Help

Topic Options
#233859 - 20/09/11 03:17 PM DNS not sent through SOCKS5 proxy
theresa33 Offline
Nutrimatic drinks dispenser

Registered: 20/09/11
Posts: 9
Hello,

The scenario:

1) mIRC 7.19 on Windows 7 x64 SP1.

2) Clean installation of mIRC, not an update.

3) Go to Tools -> Options -> Connect -> Proxy

4) Set up the following:

Code:
Connection: Both
Protocol: Socks5
Hostname: 127.0.0.1
Port: 8080


5) Start Wireshark https://www.wireshark.org/

6) Set mIRC to connect to a any IRC server you want.

7) The connection works fine.

8) However, when "On connect, always get: Host name" is enabled, the DNS request for that does not go through the SOCKS5 proxy, as seen in Wireshark.

Why I am doing this:

1) I live in Jordan and in order to get to the internet, I need a SOCKS5 proxy given to me by my ISP.

2) Everything that does not go through the SOCKS5 proxy fails.

3) When mIRC DNS requests for the Host name fails, some mIRC functionality breaks and I cannot use it properly.

I have confirmed this issue with 1 other person on a differently setup computer.

What I am asking for:

1) Can anyone else confirm that the DNS requests for "On connect, always get: Host name" are NOT going through SOCKS5 proxy?

2) If this bug is confirmed, can it be fixed in the next version of mIRC?

Thank you all.
Theresa

Top
#233864 - 20/09/11 11:18 PM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
argv0 Offline
Planetary brain

Registered: 13/10/03
Posts: 3918
Loc: Montreal, QC, Canada
This is an old and known issue for proxying. It's known as "DNS leak". mIRC does not support tunneling DNS requests through SOCKS proxies (or any proxies that I'm aware of). This wouldn't be a "bug", since the lack of support is by design (I vaguely recall a discussion about this in a forum thread, but I could be wrong). The option would have to be explicitly supported through a separate configuration (checkbox), since not all SOCKS proxies even support tunneling DNS requests, and not all users want their DNS requests tunneled.

You can make a feature request to add this support to mIRC, but it is not *supposed* to work in 7.19.

A workaround would be to DNS hosts prior to using the socks proxy in mIRC.
_________________________
- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"

Top
#233867 - 21/09/11 10:34 AM Re: DNS not sent through SOCKS5 proxy [Re: argv0]
theresa33 Offline
Nutrimatic drinks dispenser

Registered: 20/09/11
Posts: 9
Thank you for the clarification. I will post a feature suggestion then.

I know my SOCKS proxy supports remote DNS requests because I have to use this setting in Firefox network.proxy.socks_remote_dns = true

Top
#233868 - 21/09/11 10:51 AM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
drum Offline
Fjord artisan

Registered: 08/12/02
Posts: 339
Since this is not currently possible in mIRC alone, you may want to consider using a program like ProxyCap to encapsulate all mIRC traffic through a SOCKS proxy. ProxyCap allows you to force DNS resolution to go through the proxy. In this setup, you would disable your SOCKS proxy settings from within mIRC so that mIRC thinks it is making direct connections. Then you run the ProxyCap program which will redirect the traffic to and from mIRC through the proxy server of your choice.

Top
#233869 - 21/09/11 12:17 PM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
Quote:
However, when "On connect, always get: Host name" is enabled, the DNS request for that does not go through the SOCKS5 proxy, as seen in Wireshark.

The "On connect, always get" option is used to determine your own connection's address. In the case of the "normal" lookup method, it gets this locally from your own computer. In the case of the "server" lookup method, it gets this from the IRC server using a /userhost. For most users, it is better to use the "server" lookup method, which is why it is enabled by default. If the "normal" lookup method is not working for you, you should switch back to the "server" lookup method.

Top
#233874 - 21/09/11 03:46 PM Re: DNS not sent through SOCKS5 proxy [Re: Khaled]
theresa33 Offline
Nutrimatic drinks dispenser

Registered: 20/09/11
Posts: 9
Originally Posted By: Khaled
If the "normal" lookup method is not working for you, you should switch back to the "server" lookup method.


Hello Khaled, the "normal" lookup method is unfortunately not working for me, and the "server" lookup method is not working since it cannot connect to the SOCKS proxy.

Should I still post this in the Feature Suggestions forum, or should I not bother since you already know about it? A toggle as suggested by argv0 could work. I will understand if this is not a large priority (or any at all) for you.

For now, I will try out the suggestion by drum to use ProxyCap (thank you drum).

Top
#233875 - 21/09/11 05:33 PM Re: DNS not sent through SOCKS5 proxy [Re: drum]
argv0 Offline
Planetary brain

Registered: 13/10/03
Posts: 3918
Loc: Montreal, QC, Canada
drum's suggestion is much better than supporting this in mIRC in your case for many reasons. Specifically, if *all* your traffic has to go through the proxy, using a single program (ProxyCap or some other similar software) is much easier than setting this proxy in every program you use. Also, some of your programs might not support proxies at all-- in which case the only way to tunnel their data over a proxy would be to use some lower level program like ProxyCap, which redirects all TCP over the proxy regardless of where it came from. This is the better long term solution for your specific situation, IMO, but that said, the feature request may still have merit for others.
_________________________
- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"

Top
#233876 - 21/09/11 05:36 PM Re: DNS not sent through SOCKS5 proxy [Re: Khaled]
argv0 Offline
Planetary brain

Registered: 13/10/03
Posts: 3918
Loc: Montreal, QC, Canada
Khaled,

I believe the issue here is that his /server request itself is performing the DNS to resolve the address to an IP, which is failing, because it is not being performed over the proxy. I don't think he's at the resolving his own host part yet, which would be another separate issue.
_________________________
- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"

Top
#233878 - 21/09/11 06:18 PM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
I am still not sure what the actual issue is - the "server" method retrieves your address from the IRC server using /userhost and then resolves it through your ISP's DNS server, which should return your IP address. If you are connecting through a proxy, the IRC server will return your proxy's address, which mIRC then resolves to an IP address. Are you saying that your ISP's DNS server is unable to resolve the address?

Top
#233879 - 21/09/11 06:22 PM Re: DNS not sent through SOCKS5 proxy [Re: argv0]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
Ah, maybe that's what I'm missing - the original report didn't mention an issue with actually connecting to the server, just that the "On connect, always get" was not resolving the local address correctly. For server connections, when connecting through a Socks5 proxy, mIRC does not resolve the address itself - it passes the named address to the proxy directly. If the user is connecting through a non-Socks5 proxy, mIRC does resolve address locally though.

Top
#233880 - 21/09/11 06:41 PM Re: DNS not sent through SOCKS5 proxy [Re: Khaled]
Sat Offline
Hoopy frood

Registered: 19/04/04
Posts: 838
Loc: The Netherlands
I think the bigger issue would be this:

Quote:
3) When mIRC DNS requests for the Host name fails, some mIRC functionality breaks and I cannot use it properly.

But this is fairly vague. What is "some mIRC functionality"? The only thing that I imagine could break would be DCC, but reportedly mIRC supports DCC through SOCKS5 as well.
_________________________
Saturn, QuakeNet staff

Top
#233931 - 25/09/11 11:19 AM Re: DNS not sent through SOCKS5 proxy [Re: Sat]
theresa33 Offline
Nutrimatic drinks dispenser

Registered: 20/09/11
Posts: 9
Yes, it is DCC that gets broken, since it gets the hostname wrong because the local machine hostname resolution is not performed through SOCKS.

Top
#233948 - 25/09/11 09:36 PM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
Sat Offline
Hoopy frood

Registered: 19/04/04
Posts: 838
Loc: The Netherlands
Originally Posted By: theresa33
Yes, it is DCC that gets broken, since it gets the hostname wrong because the local machine hostname resolution is not performed through SOCKS.

When behind SOCKS5, mIRC uses passive DCC, which does not require knowledge of its own IP address for correct operation. What makes you think it is the failure to resolve the local hostname that leads to your DCC problems?
_________________________
Saturn, QuakeNet staff

Top
#233949 - 25/09/11 09:38 PM Re: DNS not sent through SOCKS5 proxy [Re: theresa33]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
Just to clarify: you have your "On connect, always get" set to the "server" lookup method. You then connect to an IRC server through your proxy (by specifying the named address of the proxy in the proxy dialog in mIRC). Once connected, mIRC performs a /userhost on your nickname (which is the "server" lookup method) that returns the named address of the proxy, since that is what the IRC server sees as your originating address. When mIRC performs a DNS resolution on the proxy's named address, it should return the correct IP address since mIRC has just connected to that address.

If you /userhost yourself while connected to the server through your proxy, what does the server return as a reply?

Top