Re: Reverse lookup and dstdomain in saquid 2.3S1

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 09 Feb 2000 01:13:03 +0100

Clifton Royston wrote:
>
> On Tue, Feb 08, 2000 at 03:38:59PM +0100, Isabelle Moullet wrote:
> > It seems to me, Squid is NOT able to do a reverse lookup when we
> > define dstdomain in some ACL.
>
> I believe the dstdomain ACL is not defined as doing a reverse lookup.

It is.

However, no all directives chan handle lookups properly. IIRC only
http_access, always_direct and never_direct can handle them. For the
other ACL based directives to work all information must be available
within Squids DNS cache.

You can increase the likelyhood that the information is in Squids DNS
cache by requiring the information in http_access processing, however
there is still a small race window where it may fail.

You should get what you want if you use the always_direct directive.

Hmm.. have you patched your 2.3.STABLE1? There is a known bug where
reverse lookups always fails on certain platforms.

See http://www.squid-cache.org/Versions/v2/2.3/bugs/ for the patch, or
rebuild Squid with --disable-internal-dns.

--
Henrik Nordstrom
Squid hacker
Received on Tue Feb 08 2000 - 17:35:16 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:01 MST