srelay with dns resolution

Discussion in 'Tomato Firmware' started by vajonam, Sep 29, 2009.

  1. vajonam

    vajonam Addicted to LI Member

    I am trying to use FoxyProxy for SOCKS server switching and want DNS to be resolved remotely by the SOCKS server as well. This works when I use a full SOCKS server like "dante".

    It seems that this doesn't work with srelay. Has anybody got this to work? Or has this feature not been implemented yet on srelay?
     
  2. rhester72

    rhester72 Network Guru Member

    I've personally never seen this done, mostly because if you're using a SOCKS proxy it is assumed you are actually on the network in question and thus have native access to its DNS server(s). Remote SOCKS over the Internet is generally a pretty bad idea (even with SOCKS5 authentication), the preferred method is to have srelay/danted listen only on the LAN and reach it (and DNS) via VPN.

    Rodney
     
  3. vajonam

    vajonam Addicted to LI Member

    The reason for my query is the following.

    I have already OpenVPNed into the network with the SOCKS/srelay server, which means I do have DNS. But FoxyProxy (a Firefox plugin that selectively uses proxies for certain URLs) has a setting by which it can use SOCKS to resolve DNS names for those selective sites. This prevents certain DNS requests from going out on the local network; they are tunneled through SOCKS and resolved that way.
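
The difference this FoxyProxy setting makes is visible in the SOCKS request itself: with remote DNS the client sends the hostname (SOCKS5 address type 0x03, or the SOCKS4a 0.0.0.x marker), otherwise it sends an already-resolved IP. The following is an added example, not part of the original post and not srelay or FoxyProxy code; the function name and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(req: bytes) -> dict:
    """Say who resolves the name: 'proxy' (remote DNS) or 'client' (local DNS)."""
    if len(req) < 8:
        raise ValueError("truncated request")
    if req[0] == 5:  # SOCKS5 request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT
        atyp = req[3]
        if atyp == 0x03:  # domain name, prefixed by one length byte
            end = 5 + req[4]
            host, resolver = req[5:end].decode("ascii", "replace"), "proxy"
        elif atyp in (0x01, 0x04):  # literal IPv4 / IPv6: no name reaches the proxy
            end = 4 + (4 if atyp == 0x01 else 16)
            host, resolver = str(ipaddress.ip_address(req[4:end])), "client"
        else:
            raise ValueError(f"unknown ATYP {atyp:#x}")
        if len(req) < end + 2:
            raise ValueError("truncated request")
        port = struct.unpack("!H", req[end:end + 2])[0]
    elif req[0] == 4:  # SOCKS4/4a: VER CMD PORT(2) IP(4) USERID NUL [HOST NUL]
        port = struct.unpack("!H", req[2:4])[0]
        ip = req[4:8]
        fields = req[8:].split(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # 4a marker 0.0.0.x
            if len(fields) < 3 or not fields[1]:
                raise ValueError("SOCKS4a request without hostname")
            host, resolver = fields[1].decode("ascii", "replace"), "proxy"
        else:
            host, resolver = str(ipaddress.ip_address(ip)), "client"
    else:
        raise ValueError(f"not a SOCKS request (version byte {req[0]})")
    return {"version": req[0], "resolver": resolver, "host": host, "port": port}

# Constructed sample requests (not captured traffic); names and IPs are placeholders.
NAME = b"intranet.example"
S5_NAME = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + struct.pack("!H", 443)
S5_IP = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)
S4A = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01" + b"\x00" + NAME + b"\x00"

if __name__ == "__main__":
    for sample in (S5_NAME, S5_IP, S4A):
        print(classify_socks_request(sample))
```

Running this over the request bytes seen on the proxy port (for example from a packet capture) shows whether the browser is actually handing names to the proxy or resolving them locally first.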
     
  4. rhester72

    rhester72 Network Guru Member

    I get you. I solve the problem by making my VPN-based DNS a higher priority than "local"/corporate DNS (so you will fallthrough chain to intranet addresses when they can't be found in your personal DNS), but FoxyProxy's method should work as well. Unfortunately I can't find any reference to DNS passthrough via srelay (good or bad), so I can only assume that for whatever reason it isn't supported (though it would be interesting to run srelay in debug mode to see if you can even see the connections being attempted).

    Rodney
     
  5. vajonam

    vajonam Addicted to LI Member

    Interesting, I didn't see any "-d" type options on the build I got, will see if there are debug binaries floating around somewhere.
     
