squid and dns behind firewall

From: J�rgen Sandner <[email protected]>
Date: Thu, 05 Aug 1999 08:52:57 +0200

We have a firewall to the internet. A (Netscape) Proxy in the firewall is the
only parent for our squid proxies and is marked as "default".
Internal sites must be fetched direct by our squids. Internet sites must be
contacted via the firewall proxy.
We can't resolve dns-names from the internet in our internal net.
Our setup is:

acl local-domain dstdom_regex -i baypol
acl local-ip dst 90.0.0.0/255.0.0.0
                         ^
                         +--------------------yes, I know, should use 10.0.0.0
always_direct allow local-domain
always_direct allow local-ip
never_direct allow all

My problem:
==========
Squid always looks up the internet-dns-names like "squid.nlanr.net".
Our dns server gives a negative reply (we don't have such a domain).
Then squid correctly uses the firewall.
Can I persuade squid, not to ask my dns-server for names, which he may not
access directly?

Juergen Sandner
Received on Thu Aug 05 1999 - 00:42:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:51 MST