Re: [squid-users] Alternative DNS server

From: Kevin <[email protected]>
Date: Mon, 11 Apr 2005 23:23:12 -0500

On Apr 11, 2005 6:58 PM, Ben Wylie <squid@benwylie.co.uk> wrote:
> I am thinking of installing Squid as a caching http proxy.
> I have just installed a DNS server (TreeWalk) which not only
> caches the DNS queries, but apparently it makes sure that the
> servers it polls for DNS records are authoritative,
> meaning that it is safer and less likely to be subject to DNS
> poisoning (as I understand it).

Interesting. If this is all behind a firewall, you might consider
setting your TreeWalk server(s) as the DNS server for all your
protected hosts, and enforce this by setting a firewall rule
such that only the TreeWalk server(s) can make outbound
connections on TCP or UDP port 53.

> This is all on Windows 2003 by the way.
> I was going to install the Windows port from:
> http://www.acmeconsulting.it/SquidNT.htm
>
> Is there a way to make sure that my applications use TreeWalk
> as their DNS server but Squid as the Caching proxy?
> Perhaps some way to get Squid to use TreeDNS instead of its
> own DNS server?

If you can configure your client hosts to use the Squid cache as
an "explicit" HTTP proxy (not in transparent/redirected mode),
then the clients should no longer be attempting to resolve DNS
names to IP addresses themselves, but rather they should just
hand off the original hostname to Squid in the proxy-HTTP
request, and let Squid do the name resolution.

Assuming this is the case, then all you need to do is make sure
that your SquidNT is using your TreeWalk nameserver for its
lookups, and you should be all set.

You might research Proxy Automatic Configuration (PAC) scripts
as one option to direct clients to do the right thing (go direct, use
a caching proxy, roll over and play dead) for particular URLs.

Kevin Kadow
Received on Mon Apr 11 2005 - 22:23:14 MDT
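
Added example, not part of the message above or of the Squid project: a PAC file of the kind the reply suggests, written so that the client never resolves names itself and only hands hostnames to the proxy. The proxy address `squid.example.internal:3128` and the local domain `.example.internal` are hypothetical placeholders.

```javascript
// Example PAC file (added illustration; names below are assumptions).
var PROXY = "PROXY squid.example.internal:3128"; // hypothetical Squid listener
var INTERNAL_SUFFIX = ".example.internal";       // hypothetical local domain

// Dotted-quad check by string inspection only. The PAC helpers
// dnsResolve(), isInNet() and isResolvable() are deliberately not used:
// they make the client perform its own DNS lookup, which is exactly
// what the explicit-proxy setup is meant to avoid.
function isIPv4Literal(host) {
  var parts = host.split(".");
  if (parts.length !== 4) return false;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return false;
  }
  return true;
}

// RFC 1918 and loopback ranges, for hosts already known to be IPv4 literals.
function isPrivateIPv4(host) {
  var p = host.split(".").map(Number);
  return p[0] === 10 || p[0] === 127 ||
         (p[0] === 172 && p[1] >= 16 && p[1] <= 31) ||
         (p[0] === 192 && p[1] === 168);
}

function hostEndsWith(host, suffix) {
  return host.length >= suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Called by the browser for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names (no dot, and not an IPv6 literal) stay local.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (hostEndsWith(host, INTERNAL_SUFFIX)) return "DIRECT";
  if (isIPv4Literal(host) && isPrivateIPv4(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is down the request fails
  // instead of the client resolving and connecting on its own.
  return PROXY;
}
```

With the firewall rule described in the reply in place, a client that ignored this file and tried to go direct to an external site would have no resolver to ask.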
