Need Bind DNS server for working ? #243
Using a local caching DNS resolver is recommended since udns uses a single source port for outgoing DNS requests, making spoofing easier. If you trust the network between you and your DNS resolver to have sufficient anti-spoofing measures in place you can ignore the

Using a single wildcard entry table like that could allow an attacker to access local services on that VPS, or internal services which that VPS has access to but are not intended to be available to the internet at large. I would recommend building a table matching only the specific domains you have configuration for in your dnsmasq installation, but this configuration should work.

Have you looked at the sniproxy error and access logs? If you don't have logs configured already this configuration will log to files in /tmp/:
Thanks for the quick response. I didn't enable log files before. With my setup a lot of sites get the error message "SSL_ERROR_NO_CYPHER_OVERLAP", but after I entered all the domains in the config files that error was mostly fixed. Only on some sites do I still get this error when I load the site for the first time. I tested with all the DNS caching disabled on the client machine and in the browsers, and I also clear the cache every time. But as soon as I visit some sites I get the SSL_ERROR_NO_CYPHER_OVERLAP error. After I wait 2 seconds and refresh, the sites load normally. I have no idea what is happening. It seems like a resolving issue. I tried with a local caching DNS but the issue still exists. Very strange. Do you have any explanation? Other than this error everything is working impressively well!
The error, "SSL_ERROR_NO_CYPHER_OVERLAP", isn't coming from sniproxy. It sounds like the client and server do not have any cryptographic cyphers in common.
Yes, surely it is not coming from SNI proxy. But when I proxy sites with many sub-domains it throws an SSL error in every major browser. After two or three seconds the site runs properly when I refresh. I've no idea why this happens. And some other users are also experiencing a similar issue.
I would suggest obtaining a packet capture of both the incoming and outgoing TCP connections through sniproxy and then examining the TLS handshakes. SNIproxy doesn't modify the TCP stream so it sounds like a client/server compatibility.
It seems like the browser is throwing the SSL error because of a delayed back-end connection.
When I go through https_logs the result is like this. I have no idea why the connections are delayed so much. I tried to configure sniproxy before make with IPv4 priority, but got the same results. This is happening with a local bind instance as well as Google DNS.
I deployed SNI proxy on a VPS and I used a wildcard to proxy all incoming connections.
I use a table like this
I use dnsmasq to point the necessary domains to the proxy, but some parts of some sites are not loading and crash every time. I don't have a Bind DNS server installed on my VPS. Do I need to install Bind DNS as well for SNI proxy to work properly? Or are there other things I have to look at?
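An added example, not part of this issue thread or of the sniproxy project: a small Python audit of the table advice given in the thread (a wildcard table versus one listing only specific domains). It assumes sniproxy's `pattern target` table entries with `*` or `*:port` meaning "proxy to the name the client requested", approximates the pattern matching with Python's `re.search`, and uses a constructed config and hypothetical probe hostnames.

```python
import re

# Constructed sample config (the poster's own table is not shown on the page).
SAMPLE_CONF = """
table https_hosts {
    # catch-all: every requested name is resolved and proxied
    .* *:443
}
table https_strict {
    ^www[.]example[.]com$ *:443
    ^cdn[.]example[.]net$ 192.0.2.10:443
}
"""

# Hypothetical names that should never be reachable through a public proxy.
PROBES = ["localhost", "127.0.0.1", "admin.internal.example"]


def parse_tables(conf):
    """Return {table_name: [(pattern, target), ...]} for each table block."""
    tables, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"table\s*(\S*)\s*\{$", line)
        if header:
            current = header.group(1) or "default"
            tables[current] = []
        elif line == "}":
            current = None
        elif current is not None and len(line.split()) >= 2:
            pattern, target = line.split(None, 1)
            tables[current].append((pattern, target))
    return tables


def audit(conf, probes=PROBES):
    """Report (table, pattern, probe) where a wildcard target would proxy the
    probe. Assumption: re.search stands in for sniproxy's pattern matching."""
    findings = []
    for name, entries in parse_tables(conf).items():
        for pattern, target in entries:
            if not target.startswith("*"):
                continue  # fixed backend: the client cannot pick the destination
            findings += [(name, pattern, h) for h in probes if re.search(pattern, h)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("unintended match:", finding)
```

An empty result for a table means none of the probe names would be forwarded by it; the catch-all table reports every probe.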