[Yxogenium]

And this issue could be easily overcome if more projects implemented the "socks5h://" protocol (note the 'h'), initially introduced by curl[1] to mandate the SOCKS proxy to also tunnel DNS requests. Sadly it seems that very few programs recognize this (non-standard) protocol: git[2] (using curl), python's request (and urllib) module[3] ... And not much else.

[1]: https://curl.haxx.se/docs/manpage.html#--proxy [2]: https://github.com/git/git/blob/20fed7cad40ed0b96232feb82812... [3]: http://docs.python-requests.org/en/master/user/advanced/#soc...

[pedrocr]

Firefox over a SOCKS5 proxy done with ssh passes this test if you enable the proxy DNS setting. Creating the proxy is as simple as:

  ssh -D 9999 -q -N <your ssh server>

and then configure that in the firefox proxy settings (socks to localhost:9999). If you want a simple way to enable/disable this in firefox I built a minimal extension to do it:

https://addons.mozilla.org/en-US/firefox/addon/proxyswitcher...

The defaults in the config already match that ssh line so all you need to do is press the globe button to enable the proxy.

[snowpanda]

You might be the right person to ask:

When I tried shadowsocks and enabled "proxy dns" in Firefox, every website became painfully slow. Is this simply because no DNS cache had been built?

[pedrocr]

Don't know but note that shadowsocks is not a traditional socks proxy. If I understood it correctly you do a traditional socks proxy to localhost and then a more heavily encrypted link to the actual host. Maybe that second link was slow, either because of the encryption or because it's written in python? ssh gives you as much or more security anyway as there are few protocols as thoroughly checked than ssh and performance seems nice.

[mirimir]

Huh? VPNs aren't SOCKS proxies.