Proxy/DNS Issues

Flagfox Developer

Post by DaveG » Tue Feb 16, 2010 2:00 am

Why does Flagfox care if I'm using a proxy?
Flagfox needs domain name service (DNS) access to look up the IP address of the current site. Normally, you're already at the site and know its IP, and thus we can just look in the local DNS cache used by Firefox. If you're using a SOCKS proxy with remote DNS enabled then this isn't possible, as no DNS lookups will be in your cache. Thus, when you're using a proxy configured for remote DNS Flagfox can't find the IP and doesn't know where you are.

Why should I care if Flagfox does a DNS lookup with a proxy?
Not all networks using proxies have DNS and in the case of anonymizing proxies, resorting to trying a local DNS lookup would betray your anonymity to your local DNS server. (i.e. your ISP) While most people use proxies out of paranoia, to circumvent company filters, or simply to serve Internet access on their particular network, there are those with a legitimate need for anonymity in order to bypass government censorship, as in the case of the Great Firewall of China. Thus, Flagfox doesn't do local DNS queries when remote DNS is enabled, just in case privacy really is an issue.

What should I do about the warning?
If you're using Flagfox 3.3.0+, Flagfox will tell you when it's disabling itself due to the lack of DNS access. (versions 3.1.0-3.2.8 will ask; update to the current version) This will only come up if you have Firefox properly set to not do local lookups. (see below) In this instance you won't get flag updates, and any actions which use looked up IP addresses or country names/codes won't be able to work. You should still be able to use Geotool and its search plugin, if you wish.

Panic! Flagfox is leaking DNS!
Why is it still working even though I'm proxied?
As of Flagfox 3.2.6, things will work normally if remote DNS is enabled and available. This is to prevent Flagfox from attempting to be more strict than Firefox itself, which is already sending out local DNS queries if remote DNS is not in use. Please configure your proxy settings correctly. (see below) Flagfox does not do a DNS lookup when Firefox tells it not to. Some further reading:

Where are my Firefox proxy settings?
Firefox's network settings are under the advanced->network tab in the options/preferences window. (Menu Reference; Network Settings) If you use a special proxy program, such as TOR, your proxy may be listed as "localhost". (in which case you're using a program serving on "localhost" as a proxy, which then forwards requests to some IP in its settings) Firefox's remote DNS setting, however, is hidden. Simply enter about:config into the address bar and then enter network.proxy.socks_remote_dns into the filter field. Setting this to true will enable compatible SOCKS proxies to use remote DNS. This setting is set to false by default; however, it should be enabled for a properly configured anonymizing SOCKS proxy. If you're using a Firefox extension that provides additional proxy features (i.e. FoxyProxy), you may have to configure its proxy settings instead of or in addition to the normal Firefox ones. See your extension's documentation for more information.

Remote DNS is enabled, but Flagfox is still doing lookups.
You must be using only a SOCKS proxy, and no HTTP proxy, for Firefox to correctly tell everything to not do local DNS lookups. (this is not my problem; I follow Firefox's settings via the ProxyInfo object it gives me) If you're using an extension which provides additional proxy features, you may need to configure it to not do local lookups separately.

The icon is a blue-green globe with the tooltip "No local DNS access". What does this mean?
This indicates that Flagfox has disabled itself due to a lack of DNS access. (see above) At some point you got an info bar telling you this and you may have clicked "Don't show me this again" to do it automatically. If the tooltip simply shows as "Unknown Site" with a question mark icon, then that means Flagfox attempted a lookup, but failed. If your local network does not have DNS, or otherwise refuses lookup requests, there is no way to look up a website's IP; Flagfox simply cannot do flag updates using your network.

How do I undo a "Don't show me this again" checkbox?
Open Flagfox's options (right-click on the flag icon, then select options) and click "Reset Messages" in the lower left corner of the window. This option does not appear unless you have any messages to reset. (includes this and other popups) The next time you go to another site while using a proxy, Flagfox will ask you what to do again. Note that after reset or Firefox restart, each individual info bar will only show once per session.

What about web proxies?
There are also web-based proxies, where you go to a special proxy site and enter a URL into a box, and then can browse around anonymously from this page. Flagfox simply cannot work in this instance, as you never really leave the proxy site; the site is simply relaying the pages back to you. Thus, Flagfox will always indicate you're at this proxy site until you leave.

There's something wrong with this FAQ!
Could be. PM me with a link to a reference page proving your point and I will gladly update things here if need be.

Can I get Flagfox to work with remote DNS?
Short answer: No.
Long answer: Maybe. If you use TOR, read the "So what can I do?" bit here: SOCKS & DNS at Tor FAQ. TOR software is capable of being set to take any local DNS requests and make them remotely, then returning the IP locally. I've never tried it, and it may not be worth the effort, but it seems possible.

If anyone knows of some magic way to get an IP via a remote DNS lookup from within Firefox, feel free to enlighten me. I know of nothing at this point.

Why is this an issue at all?
The most annoying thing is the fact that Firefox lets an extension override its settings at all. The "leaking DNS" problem is Firefox's fault as far as I'm concerned, and I'm just trying to be nice and work around it here.
Last edited by DaveG on Tue Feb 16, 2010 1:50 am, edited 25 times in total.
Reason: This sticky has been updated to remove old information and mention additional proxy extensions
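
The proxy conditions the FAQ above describes (a SOCKS proxy only, no HTTP proxy, and network.proxy.socks_remote_dns set to true) can be checked offline against a profile's prefs.js. This is an added example, not part of the original post or of Flagfox's code; the sample profiles are constructed, and the `network.proxy.type`, `network.proxy.socks` and `network.proxy.http` prefs are standard Firefox prefs the post does not name.

```python
import re

# Matches one pref line, e.g. user_pref("network.proxy.socks_remote_dns", true);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\s*\);\s*$')

def parse_prefs(text):
    """Turn prefs.js / user.js text into {pref name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_proxy_dns(prefs):
    """Return findings for a manual proxy setup that can resolve names locally."""
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        return ["no manual proxy configured; remote DNS setting not evaluated"]
    findings = []
    if not prefs.get("network.proxy.socks"):
        findings.append("no SOCKS proxy set; remote DNS only applies to SOCKS")
    if prefs.get("network.proxy.http"):
        findings.append("HTTP proxy set alongside SOCKS; use SOCKS only")
    # The FAQ states this pref is false by default, so absent means false.
    if prefs.get("network.proxy.socks_remote_dns", False) is not True:
        findings.append("network.proxy.socks_remote_dns is false; DNS is local")
    return findings

# Constructed sample profiles (not taken from any real installation).
LEAKY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.http", "127.0.0.1");
'''
HARDENED = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
'''

if __name__ == "__main__":
    for label, text in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit_proxy_dns(parse_prefs(text)))
```
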