On Thu, 8 Jul 2004, Andrew Carroll wrote:
> Can someone please explain to me the behaviour of squid's DNS
> cache/resolver? I'm working on a project that uses WCCP2 with client
> source address spoofing (netfilter and tproxy) that needs to use the
> original destination address as a hint to selecting the forwarding
> address.
You then need to bypass the DNS lookup by providing the intended
destionation IP to the commConnectStart call.
Also remember to adjust the storeKeyPublic() function to include the
destination IP in addition to the URL. If not it will become trivial for
any of your users to pollute your cache.
A patch implementing this is most welcome for Squid-3 and is also
frequently asked for by users of Squid-2.5 but can not be merged into 2.5
due to release maintenance policy of no new features in STABLE releases.
> Is it feasible to change squid's DNS cache behaviour to keep old expired
> IPs rather than flushing them, while adding new IPs when the actual TTL
> expires on the currently cached address?
It has been considered and will quite likely get done sooner or later. But
it is not relevant if using the original destination as outlined above.
We first need the last DNS patch fixing multimple concurrent lookups of
the same DNS name to implement this lookup optimization.
Regards
Henrik
Received on Thu Jul 08 2004 - 01:14:56 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 31 2004 - 12:00:03 MDT