Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provider DNS leaks when using socks5 proxies #2839

Open
nonman734 opened this issue Jan 29, 2025 · 3 comments
Open

Provider DNS leaks when using socks5 proxies #2839

nonman734 opened this issue Jan 29, 2025 · 3 comments
Labels
awaiting feedback fixed priority:medium

Comments

@nonman734
Copy link

When using socks5 for privacy (e.g. via TOR), dns queries for the providers should be made on the far side of the proxy. Instead they are done on the client side, which kind of defeats the whole point of using socks5 for privacy in the first place.

To Reproduce

  1. set up a socks5 proxy
  2. block api.opensubtitles.com in your local dns (e.g. put 0.0.0.0 api.opensubtitles.com in /etc/hosts)
  3. attempt to use that provider
  4. See error in logs
  5. (optional) see the dns query happen locally (e.g. using pihole or some other dns with query logging enabled)

Expected behavior
The DNS query should be done on the other side of the proxy and the provider should still work even with that hostname blocked locally. This is how it works in radarr and sonarr.

Software (please complete the following information):

  • Bazarr: 1.5.1
  • Radarr version any
  • Sonarr version any
  • OS: docker

Additional context

The error which shows up in the logs looks like this, which I am including for the benefit of others searching for the same problem.

SOCKSHTTPSConnectionPool(host='api.opensubtitles.com', port=443): Max retries exceeded with url: /api/v1/login (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'api.opensubtitles.com'. (_ssl.c:1000)"))), retrying in 5 seconds...
morpheus65535 added a commit that referenced this issue Jan 29, 2025
@morpheus65535
Added support for remote DNS query over socks5h proxy. #2839
bdbe946
@morpheus65535
Copy link
Owner

Support for remote DNS queries should be added through a new proxy settings option. Let me know if it works for you!

@nonman734
Copy link
Author

nonman734 commented Jan 30, 2025
edited
Loading

Thanks for adding the option! Unfortunately it looks like I am getting an unrelated error from the nightly hotio build so can't confirm yet.

Traceback (most recent call last):
  File "/app/bin/bazarr/../libs/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/flask_restx/api.py", line 402, in wrapper
    resp = resource(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/flask/views.py", line 110, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/flask_restx/resource.py", line 41, in dispatch_request
    resp = meth(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/api/utils.py", line 30, in wrapper
    return actual_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/api/episodes/episodes_subtitles.py", line 86, in patch
    result = list(generate_subtitles(episodePath, [(language, hi, forced)], audio_language, sceneName,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/subtitles/download.py", line 116, in generate_subtitles
    processed_subtitle = process_subtitle(subtitle=subtitle, media_type=media_type,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/subtitles/processing.py", line 146, in process_subtitle
    if settings.general.use_plex is True:
       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/dynaconf/utils/boxing.py", line 18, in evaluate
    value = f(dynabox, item, *args, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/dynaconf/utils/boxing.py", line 41, in __getattr__
    return super().__getattr__(n_item, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/bin/bazarr/../libs/dynaconf/vendor/box/box.py", line 176, in __getattr__
    raise BoxKeyError(str(E))from _A
dynaconf.vendor.box.exceptions.BoxKeyError: "\'DynaBox\' object has no attribute \'use_plex\'"

morpheus65535 added a commit that referenced this issue Jan 31, 2025
@morpheus65535
Added missing settings preventing proper download of subtitles. #2839
b9a0d9c
@morpheus65535
Copy link
Owner

Sorry, it should be fixed in upcoming beta. Please let me know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting feedback fixed priority:medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@morpheus65535 @nonman734