@piangere @zonyitoo It's the client's fault. There are two variations in socks5, some client understand both, eg, curl will accept both socks5://127.0.0.1:1080 and socks5h://127.0.0.1:1080, (h for hostname), or firefox with config. Some client only understand one of them, eg, go get. In the unfortunate case of latter one (which is the default), the client will resolve domain name locally then pass ip & port to socks server. With ss, sslocal is the socks5/socks5h server, but it's just a front end, it cannot turn ip back to domain if that's what it only get passed to. You have two choices, 1 hijack dns 2 use a http/https proxy instead of socks5 proxy. -- this is the route ss-windows take, it launch a privoxy.exe in between. 3 inject dll to hijack connection or impl a network driver, eg, sstap or netch's solution. 4 or config you client or switch to alternative client that support socks5h.

It's very unlikely ss-rust will ever fail on this kind of simple case at 2022. If indeed some bug sneak in, it's a very good chance to pinpoint it to avoid further damage and contribute to community. (I'm quite doubtful about this, the surface is too small to make such gross mistake.)