Re: Managing large http_access lists: alternative methods

From: Bill Wichers <[email protected]>
Date: Tue, 14 Apr 1998 00:41:31 -0400 (EDT)

Perhaps you could implement your own root DNS server to handle lookups for
all your satellite cache's "special" DNSes. And if that either fails or
doesn't work for you, it isn't that difficult to write a simple script
that will query a server to get the lookup file(s) for your DNSes. I have
a very simple little script to keep the root.cache files current on
my DNSes that took only a few minutes to write...

        -Bill

On Mon, 13 Apr 1998, Scott Lystig Fritchie wrote:
[snip]
> Just looking for other options at the moment. Dancer's idea is a
> little sick & twisted, but that's good. The idea would make all
> in-addr.arpa queries weird, which would probably be OK. (Only logging
> by IP now anyway.) To limit the amount of weirdness, I'd have to have
> one of these bastard name servers running locally on each of my caches
> and thus have the hassle of updating each of them.
>
> (Or am I misunderstanding you, Dancer?)
>
> But to take a slightly different approach ... if I were to make a
> small hack to Squid such as:
>
> acl legit_customers revdomainhack squidok.mr.net
>
> ... which would work similarly to the in-addr.arpa domain or Vixie's
> maps.vix.com anti-SPAM blackhole method. If a query comes in from
> A.B.C.D, assume that the "D" is irrelevant (to make the DNS zones
> smaller), then look up C.B.A.squidok.mr.net (or A.B.C.squidok.mr.net).
> If there's a PTR record there, then OK, otherwise deny the request.
>
> Would involve source hackery, but I'm not above doing that, and it
> would keep me clear of the core router jockeys.... :-)
>
> -Scott
>
Received on Mon Apr 13 1998 - 21:45:55 MDT
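
The lookup scheme described in the quoted message, sketched as an added example (not part of the original thread and not Squid code). The function names, the `has_ptr` resolver callback, and the sample zone contents are assumptions made for illustration; a real deployment would replace the callback with a PTR query against the zone.

```python
import ipaddress

ZONE = "squidok.mr.net"  # zone name taken from the quoted message

# Constructed sample data standing in for PTR records in the zone.
CONSTRUCTED_PTRS = {"2.0.192.squidok.mr.net": "customer-a.example."}


def revdomain_name(client_ip, zone=ZONE):
    """Return the name to query for client_ip, or None if it is not valid IPv4.

    The last octet (D) is dropped and the rest reversed (C.B.A.zone),
    so 192.0.2.77 becomes 2.0.192.<zone>.
    """
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return None
    a, b, c, _d = addr.packed  # bytes unpack to ints
    return f"{c}.{b}.{a}.{zone}"


def sample_has_ptr(name):
    """Hypothetical resolver: True if the constructed zone holds a PTR."""
    return name in CONSTRUCTED_PTRS


def broken_resolver(name):
    """Hypothetical resolver that simulates a DNS timeout."""
    raise TimeoutError("no answer from name server")


def is_allowed(client_ip, has_ptr, zone=ZONE):
    """Allow the client only if a PTR record exists for its /24 name.

    Malformed addresses and resolver failures are denied (fail closed),
    so a DNS outage cannot silently open the cache to everyone.
    """
    name = revdomain_name(client_ip, zone)
    if name is None:
        return False
    try:
        return bool(has_ptr(name))
    except Exception:
        return False


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.9", "not-an-ip"):
        print(ip, revdomain_name(ip), is_allowed(ip, sample_has_ptr))
```

Because the last octet is ignored, each record authorizes a whole /24, and the access decision is only as trustworthy as the DNS answers the cache receives for that zone.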
