squid.conf and double dns

From: Richard Blanchet <Richard.Blanchet@dont-contact.us>
Date: Thu, 24 Apr 1997 23:30:53 +0200

Hello squid-users

My problem is related to a double DNS configuration interacting with squid
conf, or what configuration to set up to access an external server with name in
an internal domain.

I have webserver.my.domain at some providers location outside my.domain that I
want to reach from my.domain through my firewall.

As my internal squid.conf says:
# TAG: inside_firewall
# This tag specifies a list of domains inside your Internet
# firewall.
# The use of this tag affects the server selection algorithm in
# two ways. Objects which do not match any of the listed domains
# will be considered "beyond the firewall." For these:"
# - There will be no DNS lookups for the URL-host.
# - The object will always be fetched from one of
# the parent or neighbor caches.
# As a special case you may specify the domain as 'none' to force
# all requests to be fetched from neghbors and parents.
inside_firewall my.domain
# TAG: local_domain
# This tag specifies a list of domains local to your organization.
# For URLs which are in one of the local domains, the object
# is always fetched directly from the source and never from a
# neighbor or parent.
local_domain local.my.domain

And my FireWall squid.conf says:
# TAG: inside_firewall
#inside_firewall my.domain
# TAG: local_domain
local_domain my.domain

Every time I ask for some.server.external.domain: it gets it just fine through
the firewall,

And everytime I ask for server.local.my.domain: it gets it directly from the
server.local (or from its own cache),

But if I ask for webserver.my.domain: either it tries to get it directly and
can't reach it (if I declare the name in my internal DNS) or it answers "DNS
name lookup failure" (if I don't)... as it it is supposed to reach through the
FW that won't let my internal squid proxy speak with outside world.

I know that I could get squid/1.1.9+external programms re-write the URLs to
some web.external.domain to get it through but I would not like to have to do

So does anyone has a clue about the proper conf I should set up to have it

... or, if this conf is not possible to set with squid/1.1.9, is there any plan
to put this feature in some future release ?

Thanks in advance for your clues or infos,


"You may say I'm a dreamer,... but I'm not the only one..."     J.L.
Received on Thu Apr 24 1997 - 14:56:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:02 MST