diff --git a/dns/client.go b/dns/client.go
index 2ded865..85383da 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -2,9 +2,9 @@ package dns
 
 import (
 	"encoding/binary"
-	"errors"
 	"io"
 	"net"
+	"net/netip"
 	"strconv"
 	"strings"
 	"time"
@@ -287,6 +287,7 @@ func (c *Client) AddRecord(record string) error {
 	domain, ip := r[0], r[1]
 	m, err := MakeResponse(domain, ip, uint32(c.config.MaxTTL))
 	if err != nil {
+		log.F("[dns] add custom record error: %s", err)
 		return err
 	}
 
@@ -306,26 +307,20 @@ func (c *Client) AddRecord(record string) error {
 // MakeResponse makes a dns response message for the given domain and ip address.
 // Note: you should make sure ttl > 0.
 func MakeResponse(domain, ip string, ttl uint32) (*Message, error) {
-	ipb := net.ParseIP(ip)
-	if ipb == nil {
-		return nil, errors.New("MakeResponse: invalid ip format")
+	addr, err := netip.ParseAddr(ip)
+	if err != nil {
+		return nil, err
 	}
 
-	var rdata []byte
-	var qtype, rdlen uint16
-	if rdata = ipb.To4(); rdata != nil {
-		qtype = QTypeA
-		rdlen = net.IPv4len
-	} else {
-		qtype = QTypeAAAA
-		rdlen = net.IPv6len
-		rdata = ipb
+	var qtype, rdlen uint16 = QTypeA, net.IPv4len
+	if addr.Is6() {
+		qtype, rdlen = QTypeAAAA, net.IPv6len
 	}
 
 	m := NewMessage(0, ResponseMsg)
 	m.SetQuestion(NewQuestion(qtype, domain))
 	rr := &RR{NAME: domain, TYPE: qtype, CLASS: ClassINET,
-		TTL: ttl, RDLENGTH: rdlen, RDATA: rdata}
+		TTL: ttl, RDLENGTH: rdlen, RDATA: addr.AsSlice()}
 	m.AddAnswer(rr)
 
 	return m, nil
diff --git a/go.mod b/go.mod
index bf65a7a..8311f24 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/templexxx/xorsimd v0.4.1 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/u-root/uio v0.0.0-20210528151154-e40b768296a7 // indirect
-	golang.org/x/net v0.0.0-20220127074510-2fabfed7e28f // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
 )
 
 // Replace dependency modules with local developing copy
diff --git a/go.sum b/go.sum
index 67d2bfc..191ada2 100644
--- a/go.sum
+++ b/go.sum
@@ -128,8 +128,8 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20220127074510-2fabfed7e28f h1:o66Bv9+w/vuk7Krcig9jZqD01FP7BL8OliFqqw0xzPI=
-golang.org/x/net v0.0.0-20220127074510-2fabfed7e28f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index 6d1c06f..21d884c 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -2,6 +2,7 @@ package redir
 
 import (
 	"net"
+	"net/netip"
 	"net/url"
 	"strings"
 	"syscall"
@@ -83,19 +84,20 @@ func (s *RedirProxy) Serve(cc net.Conn) {
 	}
 
 	c.SetKeepAlive(true)
-	tgt, err := getOrigDst(c, s.ipv6)
+	tgtAddr, err := getOrigDst(c, s.ipv6)
 	if err != nil {
 		log.F("[redir] failed to get target address: %v", err)
 		return
 	}
+	tgt := tgtAddr.String()
 
 	// loop request
-	if c.LocalAddr().String() == tgt.String() {
+	if c.LocalAddr().String() == tgt {
 		log.F("[redir] %s <-> %s, unallowed request to redir port", c.RemoteAddr(), tgt)
 		return
 	}
 
-	rc, dialer, err := s.proxy.Dial("tcp", tgt.String())
+	rc, dialer, err := s.proxy.Dial("tcp", tgt)
 	if err != nil {
 		log.F("[redir] %s <-> %s via %s, error in dial: %v", c.RemoteAddr(), tgt, dialer.Addr(), err)
 		return
@@ -114,12 +116,12 @@ func (s *RedirProxy) Serve(cc net.Conn) {
 }
 
 // Get the original destination of a TCP connection.
-func getOrigDst(c *net.TCPConn, ipv6 bool) (*net.TCPAddr, error) {
+func getOrigDst(c *net.TCPConn, ipv6 bool) (netip.AddrPort, error) {
 	rc, err := c.SyscallConn()
 	if err != nil {
-		return nil, err
+		return netip.AddrPort{}, err
 	}
-	var addr *net.TCPAddr
+	var addr netip.AddrPort
 	rc.Control(func(fd uintptr) {
 		if ipv6 {
 			addr, err = getorigdstIPv6(fd)
@@ -131,32 +133,25 @@ func getOrigDst(c *net.TCPConn, ipv6 bool) (*net.TCPAddr, error) {
 }
 
 // Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
-func getorigdst(fd uintptr) (*net.TCPAddr, error) {
+func getorigdst(fd uintptr) (netip.AddrPort, error) {
 	const _SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
 	var raw syscall.RawSockaddrInet4
 	siz := unsafe.Sizeof(raw)
 	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, _SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
-		return nil, err
+		return netip.AddrPort{}, err
 	}
-	var addr net.TCPAddr
-	addr.IP = raw.Addr[:]
-	port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // raw.Port is big-endian
-	addr.Port = int(port[0])<<8 | int(port[1])
-	return &addr, nil
+	port := raw.Port<<8 | raw.Port>>8 // raw.Port is big-endian
+	return netip.AddrPortFrom(netip.AddrFrom4(raw.Addr), port), nil
 }
 
 // Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
-// NOTE: I haven't tried yet but it should work since Linux 3.8.
-func getorigdstIPv6(fd uintptr) (*net.TCPAddr, error) {
+func getorigdstIPv6(fd uintptr) (netip.AddrPort, error) {
 	const _IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
 	var raw syscall.RawSockaddrInet6
 	siz := unsafe.Sizeof(raw)
 	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, _IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
-		return nil, err
+		return netip.AddrPort{}, err
 	}
-	var addr net.TCPAddr
-	addr.IP = raw.Addr[:]
-	port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // raw.Port is big-endian
-	addr.Port = int(port[0])<<8 | int(port[1])
-	return &addr, nil
+	port := raw.Port<<8 | raw.Port>>8 // raw.Port is big-endian
+	return netip.AddrPortFrom(netip.AddrFrom16(raw.Addr), port), nil
 }
diff --git a/proxy/socks5/client.go b/proxy/socks5/client.go
index f3926de..08e2118 100644
--- a/proxy/socks5/client.go
+++ b/proxy/socks5/client.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"io"
 	"net"
+	"net/netip"
 	"strconv"
 
 	"github.com/nadoo/glider/pkg/log"
@@ -74,15 +75,13 @@ func (s *Socks5) DialUDP(network, addr string) (pc net.PacketConn, writeTo net.A
 	buf := pool.GetBuffer(socks.MaxAddrLen)
 	defer pool.PutBuffer(buf)
 
-	var uAddress string
-	h, p, _ := net.SplitHostPort(uAddr.String())
+	uAddress := uAddr.String()
+	h, p, _ := net.SplitHostPort(uAddress)
 	// if returned bind ip is unspecified
-	if ip := net.ParseIP(h); ip != nil && ip.IsUnspecified() {
+	if ip, err := netip.ParseAddr(h); err == nil && ip.IsUnspecified() {
 		// indicate using conventional addr
 		h, _, _ = net.SplitHostPort(s.addr)
 		uAddress = net.JoinHostPort(h, p)
-	} else {
-		uAddress = uAddr.String()
 	}
 
 	pc, nextHop, err := s.dialer.DialUDP(network, uAddress)