Re: superfluous DNS lookups

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 15 Jun 2004 09:48:38 +0200 (CEST)

On Tue, 15 Jun 2004, Andrew Ivins wrote:

> With interception proxying, is the DNS lookup that is performed by Squid
> necessary? Would it not be more efficient, possibly even more reliable,
> to use the destination IP address in the original intercepted request?

Both yes and no.

By discarding the original destination IP address caching is made more
effective by being able to cache on the requested hostname. If using the
original destination IP address then caching needs to be done using the
requested hostname + IP address due to security implications of trusting
the client provided destination IP.

The drawback is initial request latency from the double DNS lookup (client
& proxy) and as you say differences in resolving between client and proxy.

> We are thinking of trying to make this change ourselves as we are
> committed to interception caching. Just curious as to what the general
> opinion among the developers would be about such a 'feature'. Are there
> any reasons why this would be a bad idea or particularly difficult?

Mainly it has simply not been done yet as nobody has submitted a patch
implementing the function.

I have nothing against adding an option to enable this mode of operation,
but I do not think it should be the default.

Regards
Henrik
Received on Tue Jun 15 2004 - 01:48:48 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT