DNS leak with firefox ?

[flyingfeather99]

update: more testing, zero omega cause dns leak too, only firefox manual proxy setting is ok

Description

Firefox with SmartProxy may cause DNS leak.

Steps to Reproduce

windows11 firefox 129.0.2 (64-bit)
smartproxy 1.5

case	result
firefox + smartproxy	dns leak
firefox + firefox custom proxy setting	no leak
firefox + zero omega	no leak
chrome + smartproxy	no leak

dns leak test
zero omega

leak:

no leak:

Which browsers did you test this on?

Chrome, Firefox

Affected browser versions

windows firefox 129.0.2 (64-bit)

Affected SmartProxy versions

1.5

Screenshots of the problems or steps to reproduce

No response

Any additional context

No response

[salarcode]

What is the type of proxy you have tried, Http or Socks5 ?

[flyingfeather99]

What is the type of proxy you have tried, Http or Socks5 ?

@salarcode
Both of two led to DNS leak. And of cause i checked the "proxy dns when using socks5".

[salarcode]

With Http proxies, DNS is expected to leak as there no option available for extensions to enable DNS over HTTPS.
Related to #160 and the Firefox bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1455425

As for Socks5 i'm not sure, maybe make sure the DNS feature is working fine in your Socks 5 server?

[salarcode]

Also try in Always Enable mode first.
In Smart mode the rules will apply if the rule domain matches

[flyingfeather99]

Also try in Always Enable mode first. In Smart mode the rules will apply if the rule domain matches

Is domain matching just comparing strings, not resolving DNS?

but anyway, it looks like a firefox bug.
https://bugzilla.mozilla.org/show_bug.cgi?id=1799411

[salarcode]

Thanks for linking that bug, it seems that the problem comes down to the proxy.onRequest event which only works on HTTP based protocols.
Firefox needs to do something about this but since that bug is reported 2 years ago - knowing the Firefox devs pace - expect another 5 years for that to be fixed!

[Typhonling]

At this stage there seems to be only one solution, in the DNS over HTTPS settings, use “Max Protection” to point to custom DNS servers.
But if the pointing DNS server does not have triage rules, this will not be the best solution.
A more reasonable solution would be to use a socks5 proxy software that comes with a shunt. smartproxy uses Always Enable mode and points to this socks5 proxy. And Max Protection points to the same socks5 proxy.
But that would seem to defeat the need to use smartproxy. Just using firefox's own proxy settings would be sufficient.

I think I found the probable cause.
https://community.geph.io/t/topic/3541/11
Are you using ublock origin? Following the instructions in the link, I turned off the uncloak-canonical-names feature and fixed the DNS leak.