I configured a Squid proxy with an anonymizer on a remote server, but it seems that the DNS lookup happens before a request is sent to a website over the proxy. I am using Windows 10 as my home system and a Squid proxy on a remote CentOS 7. Did I forget some settings to do DNS lookups on the proxy server?

The same thing happened when I SSH tunneled into the server with Squid turned off and the local network configured to use the tunnel.

VPN service providers and some proxy providers appear to not have this issue. How are they configuring DNS lookups to go from their remote servers and not from my local machine?

[Image: Proxy DNS when using SOCKS v5]

In Firefox, if I check the box in front of "Proxy DNS when using SOCKS v5", a site like https://ipleak.net/#dnsleak suddenly starts showing DNS servers belonging to the hosting provider that the SSH tunnel is connected to. Which is what I wanted to do. How do I do this globally for the whole OS, or am I forced to use Firefox?

Launching Chrome from cmd like this: chrome --proxy-server="socks5://localhost:8181" did launch it, but it did not tunnel either HTTP requests or DNS lookups.

1 Answer

A partial answer (as no one else has) -

VPNs operate at a different level in the stack to proxy servers - they operate at a packet level, where proxy servers act at a protocol level.

Broadly speaking, when opening a web page 2 steps are involved:

  1. A DNS lookup is performed to convert the domain to an IP address.

  2. A (usually TCP) request is made to that IP which asks for the page. This request again includes the domain name because this is required in the typical case where 1 IP hosts multiple websites.

When you use a VPN for privacy the DNS queries should be routed through the VPN to a DNS server not associated with your ISP - a VPN usually acts like a virtual new connection which sits on top of, and hides, the underlying one.

It's relevant that when using a VPN, DNS requests are still made to the OS, which uses a different path to a nameserver to resolve them.

There are different ways of proxying, and that can impact how DNS is done. In some cases the web browser just opens a connection to the proxy. The proxy server then takes the domain specified in the header and retrieves the page. In this case the proxy server handles the DNS.

In the case of transparent proxying - where the requests are intercepted and redirected - the OS still does the initial lookup because it has no knowledge of the proxy.

The easiest way to fix this would be to run a DNS server on the remote and configure your OS to use it. This creates potential issues with others abusing your DNS, which may be solved using a VPN or limiting by IP address if it's an option.

  • Thank you for replying. I am still pretty confused about it all, seems a bit like the wild west. Mozilla allows me to proxy DNS lookups, didn't find a way to do it with Chrome on Windows. But on Mac, both worked. Different DNS leak tools reported my real ISP DNS server at the default Windows configuration, but on Mac the DNS lookups went through the proxy successfully if the proxy was set at a system level (even in Chrome) or with a launch parameter.
    – miran80
    Commented May 11, 2019 at 23:26
  • Do DNS servers share with each other who requested the lookup? How is a leak test site getting my local DNS IP information? It can't be resolved from my IP that sent the final request since that was the proxy, and there is no header that I know of that includes this. Here is one of many examples: f-secure.com/en/web/home_global/router-checker but to replicate it you need Windows and a bare-bones server to SSH into and set up SOCKS5.
    – miran80
    Commented May 11, 2019 at 23:28
  • To the best of my knowledge DNS servers don't share who requested the lookup. A possible end run would be to set up an authoritative DNS server to answer a wildcard domain, then get the client to make a request to somethinguniquethatIknow.wildcard.domain - which will then allow my authoritative server to know both the IP address of the requesting DNS server and who originally sent the address. I'd then tie this information into the web server and I have uniquely identified the DNS servers of the person checking their privacy.
    – davidgo
    Commented May 11, 2019 at 23:35