Re: squid and dns behind firewall

From: Jürgen Sandner <[email protected]>
Date: Fri, 06 Aug 1999 08:04:52 +0200

Henrik Nordstrom wrote:

> > acl local-domain dstdom_regex -i baypol
> > acl local-ip dst 90.0.0.0/255.0.0.0
>
> dst type ACLs require DNS access. You need to set up your access rules to
> not use a dst type ACL if you do not want to have DNS queried.

Thank you for answering.
But there is still a problem: How can I set up an environment, where it depends
on the destination, if squid should use the firewall, without using dst type ACL?
The only way I can think of at the moment, is to use "cache_peer_domain", but
will this really help me? I'm afraid it will do a DNS query, too.

In my opinion, I must tell squid something like:
Hey, look at the hostname-part in the URL.
If it starts with "90" go direct.
If there is a hostname in it, ending with "baypol", do a DNS query and go
direct.
In any other case, don't care about name resolution, because you won't see the
name anyway, it's behind the firewall. So use the firewall.

My problem is, that we have a completely internal DNS, with our own root server.
We can't access Internet DNS, for us the only existing top-level domain is our
"baypol".
And we have internal web-servers, which we want to use, and there are also a few
(thousand) servers out there in the internet, which might be interesting too. :-)

Juergen Sandner
Received on Thu Aug 05 1999 - 23:59:53 MDT
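
The routing decision described in the message above, modelled as an added Python example (not part of the original post, and not Squid configuration). It decides from the URL text alone, with no DNS lookup, and compares the address numerically and the domain on a label boundary so that look-alike hostnames are not sent direct. The function name `route` and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

LOCAL_NET = ipaddress.ip_network("90.0.0.0/8")  # same range as the local-ip ACL
LOCAL_TLD = "baypol"                            # the internal top-level domain


def route(url: str) -> str:
    """Return 'direct' or 'firewall' using only the host part of the URL."""
    # urlsplit lowercases the host and drops the port; strip a trailing root dot.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "firewall"
    try:
        # IP literal: test membership in 90.0.0.0/8 numerically rather than
        # checking whether the string starts with "90".
        addr = ipaddress.ip_address(host)
        return "direct" if addr in LOCAL_NET else "firewall"
    except ValueError:
        pass  # not an IP literal, treat it as a hostname
    # Hostname: the last label must be exactly "baypol"; a substring or suffix
    # match would also accept names such as "www.notbaypol".
    last_label = host.split(".")[-1]
    return "direct" if last_label == LOCAL_TLD else "firewall"


# Constructed sample URLs covering the three cases in the message plus the
# look-alike names that a plain prefix or suffix match would misroute.
SAMPLES = [
    "http://90.1.2.3:8080/intranet/",
    "http://www.intern.BAYPOL/",
    "http://srv.baypol./index.html",
    "http://www.example.com/",
    "http://90minutes.example.com/",
    "http://www.notbaypol/",
    "http://91.0.0.1/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{route(sample):8s} {sample}")
```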
