[squid-users] DNS weirdness?

From: J Beris <[email protected]>
Date: Wed, 14 Nov 2007 11:13:28 +0100

Hello list,

I'm seeing a very odd thing with one website, something which I can't
explain at all. It only happens with Squid, if I bypass Squid everything
works as normal.

We are trying to access a website: example.com.
This domain name is resolvable both on the Internet and on our
nationwide WAN. We have to go through our WAN, because only then can we
use the web application hosted there. This is not available to the
general public. So far, easy enough. Just route traffic the right way
and things should be okay. Only thing is: we have done so, but Squid
doesn't seem to understand. Let me clarify:

Example.com resolves as 123.123.123.123 for our WAN. It resolves as
200.200.200.200 on the Internet. The Squid machine queries two DNS
servers, both hosted internally. Both DNS servers have
example.com/123.123.123.123 in their forward lookup zone. Doing an
nslookup example.com on the Squid machine gives:
Server: x.x.x.x (ip address of internal DNS)
Address: x.x.x.x (same)

Name: example.com
Address: 123.123.123.123

So far so good. The Squid machine knows the right address for
example.com. Our firewall is configured to route all traffic to
123.123.123.123 to our WAN router instead of Internet router.

If I do a traceroute on the Squid machine to example.com, I first see
our firewall, then the next hop is the WAN router, so traffic gets
routed the right way.

If I bypass Squid and use Lynx on the Squid machine to go to
example.com, it shows me the login page of the web application.

But...if I use a client computer and connect through Squid to
http://example.com, I see the following request line in
/var/log/squid/access.log:
1195033488.299 179843 x.x.x.x TCP_MISS/504 1503 GET http://example.com/ <username> DIRECT/200.200.200.200 text/html

As you can see, Squid tries to grab the page from the Internet address,
not from the WAN address. This does not work, and results in a time-out.
But my question is: where does Squid get the Internet IP address?
I have tried to purge all references to example.com using squidclient,
but it just tells me 404, not found. Which is normal, since it can't
connect to the site.
I have restarted the NSCD daemon, which should purge the DNS cache.

Any ideas where to look?

Thanks,

Joop

Received on Wed Nov 14 2007 - 03:14:43 MST
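
The symptom described in this message can be searched for across a whole access.log. The following is an added example, not part of the original post: it parses Squid's native log format and reports requests where Squid went DIRECT to an address other than the one the internal DNS zone is supposed to return. The client addresses, the user name, the `EXPECTED` mapping and every sample line except the first are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format. The first line is the
# one from the post, with a made-up client address and user name filled in.
SAMPLE_LOG = """\
1195033488.299 179843 192.0.2.10 TCP_MISS/504 1503 GET http://example.com/ jdoe DIRECT/200.200.200.200 text/html
1195033501.120    212 192.0.2.10 TCP_MISS/200 4821 GET http://example.com/login jdoe DIRECT/123.123.123.123 text/html
1195033510.004     95 192.0.2.11 TCP_HIT/200 912 GET http://example.org/logo.png - NONE/- image/png
1195033520.500      1 192.0.2.11 TCP_MISS/200 300 CONNECT example.com:443 - DIRECT/200.200.200.200 -
"""

# Assumption: the addresses the internal DNS zone is supposed to hand out.
EXPECTED = {"example.com": {"123.123.123.123"}}


def parse_line(line):
    """Split one native-format line into the fields needed here, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    hier, _, peer = f[8].partition("/")
    url = f[6]
    # CONNECT requests are logged as host:port rather than as a full URL.
    host = urlsplit(url if "://" in url else "//" + url).hostname
    return {"ts": float(f[0]), "client": f[2], "result": f[3],
            "method": f[5], "host": host, "hier": hier, "peer": peer}


def find_mismatches(lines, expected):
    """Return records where Squid went DIRECT to an address outside the expected set."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in expected:
            continue
        if not rec["hier"].endswith("DIRECT"):
            continue  # fetched via a parent or sibling: peer is not the origin
        try:
            ipaddress.ip_address(rec["peer"])
        except ValueError:
            continue  # "-" or a host name, nothing to compare
        if rec["peer"] not in expected[rec["host"]]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_mismatches(SAMPLE_LOG.splitlines(), EXPECTED):
        print(f'{r["ts"]:.3f} {r["client"]} {r["method"]} {r["host"]} -> '
              f'{r["peer"]} ({r["result"]})')
```

Squid's built-in DNS client keeps its own cache (ipcache) and, in default builds, does not consult nscd, so the addresses it logs can differ from what nslookup on the same host returns.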