client: Fix an issue where non-IP proxy URLs didn’t resolve correctly (#32664)

If the proxy URL is in the form of `example.com` instead of a raw IP address, and `example.com` isn't a well-known domain, then the default URL resolution can fail. The test setup: A Linux machine runs a CoreDNS server with a custom entry: `10.254.7.38 example.com`. On a Windows machine, if the proxy URL is set to `example.com`, the resolved address does **not** end up being `10.254.7.38`. Using `hickory_resolver` for more advanced DNS resolution fixes this issue. Release Notes: - Fixed proxy URL resolution when using custom DNS entries.
2025-06-13 15:17:49 +08:00 · 2025-06-13 15:17:49 +08:00 · bc68455320
commit bc68455320
parent 20793fc251
5 changed files with 154 additions and 8 deletions
--- a/crates/client/Cargo.toml
+++ b/crates/client/Cargo.toml
@ -28,6 +28,9 @@ feature_flags.workspace = true
 futures.workspace = true
 gpui.workspace = true
 gpui_tokio.workspace = true
+# Don't update `hickory-resolver`, it has a bug that causes it to not resolve DNS queries correctly.
+# See https://github.com/hickory-dns/hickory-dns/issues/3048
+hickory-resolver = { version = "0.24", features = ["tokio-runtime"] }
 http_client.workspace = true
 http_client_tls.workspace = true
 httparse = "1.10"
--- a/crates/client/src/proxy.rs
+++ b/crates/client/src/proxy.rs
@ -3,20 +3,30 @@
 mod http_proxy;
 mod socks_proxy;

+use std::sync::LazyLock;
+
 use anyhow::{Context as _, Result};
+use hickory_resolver::{
+    AsyncResolver, TokioAsyncResolver,
+    config::LookupIpStrategy,
+    name_server::{GenericConnector, TokioRuntimeProvider},
+    system_conf,
+};
 use http_client::Url;
 use http_proxy::{HttpProxyType, connect_http_proxy_stream, parse_http_proxy};
 use socks_proxy::{SocksVersion, connect_socks_proxy_stream, parse_socks_proxy};
+use tokio_socks::{IntoTargetAddr, TargetAddr};
+use util::ResultExt;

 pub(crate) async fn connect_proxy_stream(
    proxy: &Url,
    rpc_host: (&str, u16),
 ) -> Result<Box<dyn AsyncReadWrite>> {
-    let Some(((proxy_domain, proxy_port), proxy_type)) = parse_proxy_type(proxy) else {
+    let Some(((proxy_domain, proxy_port), proxy_type)) = parse_proxy_type(proxy).await else {
        // If parsing the proxy URL fails, we must avoid falling back to an insecure connection.
        // SOCKS proxies are often used in contexts where security and privacy are critical,
        // so any fallback could expose users to significant risks.
-        anyhow::bail!("Parsing proxy url failed");
+        anyhow::bail!("Parsing proxy url type failed");
    };

    // Connect to proxy and wrap protocol later
@ -39,10 +49,8 @@ enum ProxyType<'t> {
    HttpProxy(HttpProxyType<'t>),
 }

-fn parse_proxy_type(proxy: &Url) -> Option<((String, u16), ProxyType<'_>)> {
+async fn parse_proxy_type(proxy: &Url) -> Option<((String, u16), ProxyType<'_>)> {
    let scheme = proxy.scheme();
-    let host = proxy.host()?.to_string();
-    let port = proxy.port_or_known_default()?;
    let proxy_type = match scheme {
        scheme if scheme.starts_with("socks") => {
            Some(ProxyType::SocksProxy(parse_socks_proxy(scheme, proxy)))
@ -52,8 +60,38 @@ fn parse_proxy_type(proxy: &Url) -> Option<((String, u16), ProxyType<'_>)> {
        }
        _ => None,
    }?;
+    let (ip, port) = {
+        let host = proxy.host()?.to_string();
+        let port = proxy.port_or_known_default()?;
+        resolve_proxy_url_if_needed((host, port)).await.log_err()?
+    };

-    Some(((host, port), proxy_type))
+    Some(((ip, port), proxy_type))
+}
+
+static SYSTEM_DNS_RESOLVER: LazyLock<AsyncResolver<GenericConnector<TokioRuntimeProvider>>> =
+    LazyLock::new(|| {
+        let (config, mut opts) = system_conf::read_system_conf().unwrap();
+        opts.ip_strategy = LookupIpStrategy::Ipv4AndIpv6;
+        TokioAsyncResolver::tokio(config, opts)
+    });
+
+async fn resolve_proxy_url_if_needed(proxy: (String, u16)) -> Result<(String, u16)> {
+    let proxy = proxy
+        .into_target_addr()
+        .context("Failed to parse proxy addr")?;
+    match proxy {
+        TargetAddr::Domain(domain, port) => {
+            let ip = SYSTEM_DNS_RESOLVER
+                .lookup_ip(domain.as_ref())
+                .await?
+                .into_iter()
+                .next()
+                .ok_or_else(|| anyhow::anyhow!("No IP found for proxy domain {domain}"))?;
+            Ok((ip.to_string(), port))
+        }
+        TargetAddr::Ip(ip_addr) => Ok((ip_addr.ip().to_string(), ip_addr.port())),
+    }
 }

 pub(crate) trait AsyncReadWrite:
--- a/crates/client/src/proxy/socks_proxy.rs
+++ b/crates/client/src/proxy/socks_proxy.rs
@ -1,5 +1,7 @@
 //! socks proxy

+use std::net::SocketAddr;
+
 use anyhow::{Context as _, Result};
 use http_client::Url;
 use tokio::net::TcpStream;
@ -8,6 +10,8 @@ use tokio_socks::{
    tcp::{Socks4Stream, Socks5Stream},
 };

+use crate::proxy::SYSTEM_DNS_RESOLVER;
+
 use super::AsyncReadWrite;

 /// Identification to a Socks V4 Proxy
@ -73,12 +77,14 @@ pub(super) async fn connect_socks_proxy_stream(
    };
    let rpc_host = match (rpc_host, local_dns) {
        (TargetAddr::Domain(domain, port), true) => {
-            let ip_addr = tokio::net::lookup_host((domain.as_ref(), port))
+            let ip_addr = SYSTEM_DNS_RESOLVER
+                .lookup_ip(domain.as_ref())
                .await
                .with_context(|| format!("Failed to lookup domain {}", domain))?
+                .into_iter()
                .next()
                .ok_or_else(|| anyhow::anyhow!("Failed to lookup domain {}", domain))?;
-            TargetAddr::Ip(ip_addr)
+            TargetAddr::Ip(SocketAddr::new(ip_addr, port))
        }
        (rpc_host, _) => rpc_host,
    };