DNS Resolution
The proxy needs DNS to turn the host name of each upstream server into an IP address before it can open a connection to it. If a name cannot be resolved, the connection to that upstream server cannot be made.
Default behavior
- The system resolver is used by default.
- DNS cache is disabled by default.
DNS cache
The cache keeps recent DNS answers in memory and reuses them for the TTL (time to live) carried in each answer, when one is available. The TTL is how long the answer may be reused; once it has elapsed the entry is stale and the name is resolved again.
Enable the cache, and set its size, with:
segproxy --dns-cache-size 512
Disable the cache with:
segproxy --dns-cache-size 0
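As an added illustration, not segproxy's own code, here is a minimal model of the cache behaviour described above: a size of 0 disables caching, an answer is reused only until its TTL elapses, a TTL of 0 is never cached, and the cache is bounded. The least-recently-used eviction policy, the injectable clock, the resolve() helper and the sample answers are assumptions constructed for this example.

```python
import time
from collections import OrderedDict
from typing import Callable, Dict, List, Optional, Tuple

Addrs = List[str]


class DnsCache:
    """Bounded, TTL-aware cache of DNS answers (illustrative model, not segproxy code).

    max_size 0 disables caching, mirroring --dns-cache-size 0. An entry is reused
    only until the TTL from its DNS answer has elapsed. When the cache is full the
    least recently used entry is evicted (the eviction policy is an assumption).
    """

    def __init__(self, max_size: int, clock: Callable[[], float] = time.monotonic):
        self.max_size = max_size
        self.clock = clock  # injectable so a test can advance time deterministically
        self._entries: "OrderedDict[str, Tuple[Addrs, float]]" = OrderedDict()

    def get(self, name: str) -> Optional[Addrs]:
        if self.max_size <= 0:
            return None  # cache disabled: every lookup goes to the resolver
        entry = self._entries.get(name)
        if entry is None:
            return None
        addrs, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[name]  # TTL elapsed: the answer must not be reused
            return None
        self._entries.move_to_end(name)  # mark as most recently used
        return addrs

    def put(self, name: str, addrs: Addrs, ttl: int) -> None:
        if self.max_size <= 0 or ttl <= 0:
            return  # caching disabled, or TTL 0 means "do not reuse this answer"
        self._entries[name] = (addrs, self.clock() + ttl)
        self._entries.move_to_end(name)
        while len(self._entries) > self.max_size:
            self._entries.popitem(last=False)  # evict least recently used

    def __len__(self) -> int:
        return len(self._entries)


def resolve(name: str, cache: DnsCache,
            upstream: Callable[[str], Tuple[Addrs, int]]) -> Tuple[Addrs, bool]:
    """Return (addresses, served_from_cache); the upstream is queried only on a miss."""
    hit = cache.get(name)
    if hit is not None:
        return hit, True
    addrs, ttl = upstream(name)
    cache.put(name, addrs, ttl)
    return addrs, False


# Constructed sample data standing in for a DNS server: name -> (addresses, TTL seconds).
SAMPLE_ANSWERS: Dict[str, Tuple[Addrs, int]] = {
    "api.example.test": (["192.0.2.10"], 60),
    "cdn.example.test": (["198.51.100.7", "198.51.100.8"], 5),
    "nottl.example.test": (["203.0.113.9"], 0),
}


def demo() -> Dict[str, int]:
    """Drive the cache with a fake clock; report how many upstream queries each name caused."""
    now = [1000.0]
    counts: Dict[str, int] = {}

    def upstream(name: str) -> Tuple[Addrs, int]:
        counts[name] = counts.get(name, 0) + 1
        return SAMPLE_ANSWERS[name]

    cache = DnsCache(max_size=2, clock=lambda: now[0])
    resolve("api.example.test", cache, upstream)    # miss, cached for 60 s
    resolve("api.example.test", cache, upstream)    # hit
    resolve("cdn.example.test", cache, upstream)    # miss, cached for 5 s
    now[0] += 10
    resolve("cdn.example.test", cache, upstream)    # TTL elapsed: miss again
    resolve("api.example.test", cache, upstream)    # still within 60 s: hit
    resolve("nottl.example.test", cache, upstream)  # TTL 0: never cached
    resolve("nottl.example.test", cache, upstream)  # miss again
    return counts


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the short-TTL name and the TTL-0 name each costing two upstream queries while the 60-second entry is served from the cache on every repeat. Note that a cache sized this way is only as trustworthy as the answers it stores: a spoofed answer with a long TTL is reused for its whole TTL.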
Custom DNS server
You can set a DNS server IP:
segproxy --dns-server 1.1.1.1
When you set a custom DNS server, the proxy queries that server directly with plain DNS and honors the real TTL values carried in its answers (the system resolver does not expose the TTL of the answers it returns). Plain DNS is neither encrypted nor authenticated, so anyone on the path between the proxy and that server can observe the queries and could spoof answers; point it at a resolver reached over a network you trust.
DNS port
The DNS port is 53 by default. You can change it with:
segproxy --dns-port 5353
DNS transport
The transport is UDP by default. You can choose UDP or TCP:
segproxy --dns-transport udp
segproxy --dns-transport tcp
UDP to TCP fallback
If the transport is UDP, the proxy retries the query over TCP when the UDP query times out, fails with a network error, or returns a truncated reply (a reply that was cut short because the full answer did not fit in a UDP datagram, which standard DNS signals with the TC flag).
If you set TCP, the proxy uses TCP only and never tries UDP.
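The fallback behaviour described above, written out as an added example in Python rather than segproxy's own code: it builds a wire-format query, checks the reply's TC flag, and retries over TCP on timeout, network error or truncation, using the 2-byte length framing DNS over TCP requires. The simulated server (make_reply), the injected udp_send/tcp_send callables and the 192.0.2.1 answer are constructed for this example so it runs offline; the transaction-ID check is a practitioner's addition that the page does not describe.

```python
import secrets
import struct
from typing import Callable, List, Optional, Tuple

A_RECORD, CLASS_IN = 1, 1
FLAG_TC = 0x0200  # "truncated" bit in the DNS header flags (RFC 1035)
Sender = Callable[[bytes], bytes]  # injected transport: takes a message, returns the reply

def build_query(name: str, qtype: int = A_RECORD, txid: Optional[int] = None) -> bytes:
    """Wire-format query with RD set and a random transaction ID (harder to spoof blindly)."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)

def is_truncated(reply: bytes) -> bool:
    """A reply shorter than a header, or one carrying TC, was cut short by the datagram limit."""
    if len(reply) < 12:
        return True
    return bool(struct.unpack("!H", reply[2:4])[0] & FLAG_TC)

def check_reply(query: bytes, reply: bytes) -> None:
    """Reject a reply whose transaction ID differs from the query's (possible spoofed answer)."""
    if len(reply) >= 2 and reply[:2] != query[:2]:
        raise ValueError("DNS reply transaction ID does not match the query")

def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(data: bytes) -> bytes:
    return data[2:2 + struct.unpack("!H", data[:2])[0]]

def _over_tcp(query: bytes, tcp_send: Sender) -> bytes:
    reply = tcp_unframe(tcp_send(tcp_frame(query)))
    check_reply(query, reply)
    return reply

def resolve_with_fallback(query: bytes, udp_send: Sender, tcp_send: Sender,
                          transport: str = "udp") -> Tuple[bytes, str]:
    """Return (reply, transport_used). "tcp" never tries UDP; "udp" tries UDP first and
    retries over TCP on timeout, network error, or a truncated reply."""
    if transport == "tcp":
        return _over_tcp(query, tcp_send), "tcp"
    try:
        reply = udp_send(query)
    except OSError:  # socket.timeout / TimeoutError are OSError subclasses
        return _over_tcp(query, tcp_send), "tcp"
    check_reply(query, reply)
    if is_truncated(reply):
        return _over_tcp(query, tcp_send), "tcp"
    return reply, "udp"

def _skip_name(msg: bytes, off: int) -> int:
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_answers(reply: bytes) -> List[Tuple[str, int]]:
    """Return [(ipv4, ttl)] for the A records in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(reply, off) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        off = _skip_name(reply, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        rdata, off = reply[off:off + rdlen], off + rdlen
        if rtype == A_RECORD and rclass == CLASS_IN and rdlen == 4:
            answers.append((".".join(str(b) for b in rdata), ttl))
    return answers

def make_reply(query: bytes, truncated: bool) -> bytes:
    """Constructed server reply: echoes the question and, unless truncated, answers A 192.0.2.1 TTL 60."""
    flags = 0x8180 | (FLAG_TC if truncated else 0)  # QR, RD, RA (+TC)
    question = query[12:]
    if truncated:
        return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + question
    answer = struct.pack("!HHHIH", 0xC00C, A_RECORD, CLASS_IN, 60, 4) + bytes([192, 0, 2, 1])
    return query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0) + question + answer

def demo() -> Tuple[str, List[Tuple[str, int]]]:
    """Simulated server whose UDP reply is truncated, so the query is retried over TCP."""
    query = build_query("api.example.test")
    udp_send = lambda q: make_reply(q, truncated=True)
    tcp_send = lambda framed: tcp_frame(make_reply(tcp_unframe(framed), truncated=False))
    reply, used = resolve_with_fallback(query, udp_send, tcp_send)
    return used, parse_a_answers(reply)
```

demo() returns ("tcp", [("192.0.2.1", 60)]): the truncated UDP answer is discarded and the complete answer, including the TTL a cache would use, comes back over TCP. Passing transport="tcp" skips UDP entirely, matching --dns-transport tcp.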
Examples
Default system DNS and no cache:
segproxy
Cache enabled with system DNS:
segproxy --dns-cache-size 512
Custom DNS server with cache:
segproxy --dns-server 1.1.1.1 --dns-cache-size 512
Custom DNS port:
segproxy --dns-server 1.1.1.1 --dns-port 5353
TCP transport:
segproxy --dns-server 1.1.1.1 --dns-transport tcp
Troubleshooting
- A DNS failure prevents the outbound connection that needed it; the proxy has no address to connect to.
- If queries fail or time out, try switching between UDP and TCP. A firewall between the proxy and the DNS server may allow only one of them.
- Check that the DNS server and port are reachable from the host running the proxy (for example with dig, using @server and -p port).
- DNS activity, including cache hits and UDP-to-TCP fallback, is logged at DEBUG level. Run with debug logging enabled to see it:
segproxy --log-level DEBUG
Summary
- The system resolver is the default.
- DNS cache is off unless you enable it.
- A cache size of 0 turns the cache off.
- A custom DNS server is queried with plain (unencrypted, unauthenticated) DNS, and the real TTL values from its answers are honored.
- The DNS port can be changed when needed.
- The DNS transport can be UDP or TCP.
- With UDP, the proxy retries over TCP on timeout, network error, or a truncated reply.