Ability to control hostname resolution for ncat proxy destinations

Closes #1214, fixes #1230, closes #1439
2026-05-13 08:46:45 +00:00 · 2019-02-23 22:34:13 +00:00 · 2019-02-23 22:34:13 +00:00 · dbed133fc5
commit dbed133fc5
parent 12f1894f97
7 changed files with 220 additions and 78 deletions
--- a/ncat/docs/ncat.usage.txt
+++ b/ncat/docs/ncat.usage.txt
@ -42,6 +42,7 @@ Options taking a time assume seconds. Append 'ms' for milliseconds,
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http", "socks4", "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
+      --proxy-dns <type>     Specify where to resolve proxy destination
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@ -468,6 +468,38 @@
          <option>--proxy-type socks4</option>, it should be a username only.</para>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>--proxy-dns <replaceable>type</replaceable></option> (Specify where to resolve proxy destination)
+          <indexterm><primary><option>--proxy-dns</option> (Ncat option)</primary></indexterm>
+        </term>
+        <listitem>
+          <para>In connect mode, it provides control over whether proxy
+          destination hostnames are resolved by the remote proxy server or
+          locally, by Ncat itself.
+          Possible values for <replaceable>type</replaceable> are:</para>
+
+          <para><literal>local</literal> - Hostnames are resolved locally on
+          the Ncat host. Ncat exits with error if the hostname cannot be
+          resolved.</para>
+
+          <para><literal>remote</literal> - Hostnames are passed directly onto
+          the remote proxy server. This is the default behavior.</para>
+
+          <para><literal>both</literal> - Hostname resolution is first
+          attempted on the Ncat host. Unresolvable hostnames are passed onto
+          the remote proxy server.</para>
+
+          <para><literal>none</literal> - Hostname resolution is completely
+          disabled. Only a literal IPv4 or IPv6 address can be used as
+          the proxy destination.</para>
+
+          <para>Local hostname resolution generally respects IP version
+          specified with options <option>-4</option> or <option>-6</option>,
+          except for SOCKS4, which is incompatible with IPv6.</para>
+        </listitem>
+      </varlistentry>
    </variablelist>

  </refsect1>
@ -817,7 +849,9 @@
        <listitem>
          <para>Completely disable hostname resolution across all Ncat options,
          such as the destination, source address, source routing hops, and
-          the proxy. All addresses must be specified numerically.</para>
+          the proxy. All addresses must be specified numerically.
+          (Note that resolution of proxy destinations is controlled separately
+          via option <option>--proxy-dns</option>.)</para>
        </listitem>
      </varlistentry>