Tunnel DNS Lookups in SOCKS Proxy on Firefox
The SSH SOCKS option is a great way to quickly tunnel web traffic. One caveat: all DNS traffic is still in the clear. While the web traffic and URLs aren't sniffable any more, curious people can still get a sense of what kinds of stuff you're browsing, based on domain names. (And for the really, really paranoid: if you're on open wireless, your DNS lookups could get hijacked, causing you to browse to look-alike sites ready to phish your login credentials.)
Luckily, with SOCKS5, Firefox can control which side of the proxy handles DNS lookups. By default, it does the lookups locally, which results in the scenario above. To change this, set network.proxy.socks_remote_dns = true in about:config. This makes the SOCKS proxy behave more like a regular proxy, where DNS is handled by the remote end of the tunnel. To make the change:
- In the browser location bar (the place where you type web addresses), type about:config and press Enter. This opens a different set of Firefox preferences.
- Where it says ‘Filter:’ at the top, type network.proxy.socks. The list of preferences will automatically change to show your proxy preferences.
- Highlight ‘network.proxy.socks_remote_dns’ by clicking it only once. Then, right-click it. This opens a small pull-down menu. Select ‘Toggle’ from the menu to change its value to ‘true’. This adds privacy by preventing DNS queries from leaking. This is the reason why Firefox is recommended over other browsers for using this service.
- Close Firefox and restart it.