Socks5 Proxy Scheme with Remote DNS resolving

When using a Socks proxy, you must have written a string like socks5://127.0.0.1:8000 to represent the proxy protocol and address. Strings in this format are widely used in CURL based components such as Guzzle, pip, and urllib3. We often want these programs to use a Socks proxy to connect to the internet but get weird connection failures. An interesting part of these strange failures is that accessing some websites works fine, while others cannot. These failures persist even if you have confirmed that there is no failure of the proxy connection itself. At this time, I suggest you consider that these failures are caused by DNS issues, especially when you are in some special network environment, such as the network affected by DNS pollution, the Great Firewall of China or a public WIFI.

We know that the Socks proxy works at the session layer and can forward TCP connections. Furthermore, Socks4a and Socks5 support DNS forwarding. Now, the most commonly used version is Socks5. Let’s take a careful look at the proxy protocol string. The reason for the DNS resolution error is that when we use addresses starting with socks4:// or socks5://, which means the hostname will be resolved locally and get unexpected results. The local resolving is not an actual error or bug. It is a critical feature in some cases. But when you are in a restricted network, your local DNS may be polluted or unavailable. You need to change your protocol prefix to socks4a:// or socks5h://, which means the hostname will be resolved by the proxy server.

This is a problem can be solved by a simple answer and in fact well-defined in the CURL documentation. But most tutorials usually only provide a string like socks5://127.0.0.1:8000 to tell the user how to apply a Socks5 proxy. And access failures caused by DNS are often difficult to recognize and locate. Even if users know that the failure is related to DNS, it is more difficult to search for relevant answers in Google. You can find some discussions like https://github.com/urllib3/urllib3/pull/1036 and https://stackoverflow.com/a/61980997/5616769

Overall, try to use socks5h:// or socks4a:// in your proxy settings when you face some strange access failures. Hope that is helpful for you!

Examples: