Re: squid internal DNS weirdness?

From: Andres Kroonmaa <andre@dont-contact.us>
Date: Thu, 15 Feb 2001 17:53:54 +0200

 hmm, isn't this a security hazard?
 We'd better yell or subst for 127.0.0.1, imho.

On 15 Feb 2001, at 1:10, Duane Wessels <wessels@squid-cache.org> wrote:

> On Tue, 13 Feb 2001, Adrian Chadd wrote:
> >
> > Hi squid-dev guys,
> >
> > What do you think of this?
>
> > domain pix.net
> > nameserver 0.0.0.0
> > nameserver 192.111.45.13
> > nameserver 198.6.1.5
> > [...]
> > Squid then ignores all the answers coming back from that nameserver,
>
> I added an option to handle this case
>
> NAME: ignore_unknown_nameservers
> TYPE: onoff
> LOC: Config.onoff.ignore_unknown_nameservers
> DEFAULT: on
> DOC_START
> By default Squid checks that DNS responses are received
> from the same IP addresses that they are sent to. If they
> don't match, Squid ignores the response and writes a warning
> message to cache.log. You can allow responses from unknown
> nameservers by setting this option to 'off'.
> DOC_END

------------------------------------
 Andres Kroonmaa <andre@online.ee>
 Delfi Online
 Tel: 6501 731, Fax: 6501 708
 Pärnu mnt. 158, Tallinn,
 11317 Estonia
Received on Thu Feb 15 2001 - 08:58:32 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:31 MST