Connection timing out on SOCK5 proxies

[Newcool1230]

When setting a sock5 proxy, any matching url gets timed out/infinite loads. The proxy is responsive as I can reach it using python/curl. Just unable to reach it with the extension

FoxyProxy Basic version: 8.2
Firefox: 120.0.1

Regex: icanhazip\.com
OR
Wildcard: *icanhazip.com*

import requests

proxies = {
    'http': f'socks5://{prox["socks"]}:{port}',
    'https': f'socks5://{prox["socks"]}:{port}'
}

r = requests.get('http://icanhazip.com', proxies=proxies)

print(r.text) // 104.XXX.XXX.XXX

$ curl -x "socks5://host:port" "http://icanhazip.com"
104.XXX.XXX.XXX

[ericjung]

Does your proxy server use authentication or not? I will try to reproduce, but I did a lot of testing of this last weekend. Anything you can do to help reproduce it is helpful. Thank you.

[Newcool1230]

Heyo, no authentication. This issue only happened recently, as I was able to proxy previously with the standard version. I played around with it a little more. It seems like the domain is not being resolved. (ipv4 proxy works correctly)

This reminded me of a firefox announcement https://blog.mozilla.org/en/products/firefox/encrypted-hello/. I do have DNS over HTTPS enabled I added the sites to the exceptions but it didn't work.

So I disabled DNS over HTTPS and it worked! I'm not sure how you can fix this... but hopefully this helps.

For transparency the thing that was causing issue was DNS over HTTPS:

• Max Protection
  • Cloudflare
  • NextDNS
  • Custom (I also tried a custom DNS as well, it didn't work)

Increased Protection and below worked fine.

[erosman]

If I recall correctly, there are issues with DoH and SOCKS in Firefox.

See also:

1. Impossible to use proxies with DoH
2. DNS search domain bypassing SOCKS proxy
3. Firefox queries DNS of Proxy destination
4. "Proxy DNS when using SOCKS v5" should be greyed out when "Enable DNS over HTTPS" is enabled
5. DoH cannot be used with SOCKS5 proxy (curl)

[sebix]

@Newcool1230 Can you open the console, open the network tab, reload the page, and see what error it shows for you?

[Newcool1230]

@sebix when trying to proxy with DoH Max Protection, in the network tab it shows NS_ERROR_NET_TIMEOUT

[erosman]

Are you still having the issue with the latest release?

[Newcool1230]

Are you still having the issue with the latest release?

Hey erosman happy holidays! Yes, I'm still getting the same error on v8.8 while using DoH Max Protection.

[erosman]

Happy Holidays 🎉

Have you tried with Proxy DNS enabled for that proxy?

[Newcool1230]

Have you tried with Proxy DNS enabled for that proxy?

Yup, it still gives me a timeout.

[erosman]

I am going to have a chat with Mozilla engineers about it.

[erosman]

From the chat:

erosman: It has been reported that there is conflict between DoH (DNS over HTTPS) & Proxy DNS, indicating that the DoH does not respect Proxy DNS.

manuel: DoH taking priority over proxy DNS is desirable, because DoH enables us to do ECH. Reading through the bugs I see that there is some unintended behavior that needs fixing. Thanks for raising these bugs again.

The DoH requests should still be made over the proxy (requests to destination.com shouldn't be made without the proxy). https://bugzilla.mozilla.org/show_bug.cgi?id=1741375 is one step in that direction.

erosman: The way I look at it, DoH is general while Proxy DNS is specific. If DoH is set, the hierarchy then should be DoH everywhere normally, but if Proxy DNS is set, proxy DNS should be applied for SOCKS instead.
That would be similar to how specificity works in CSS.

Furthermore, please note that:

• When proxying, DNS (query of the target site) is left to the proxy server (the whole request is) and the browser does not (should not) bother with the DNS of the target site