RE: WG: [SQU] Squid behind firewall - DNS Problem from Magnus Ullberg on 2000-12-16 (squid-users)

From: Magnus Ullberg <UllbergM@dont-contact.us>
Date: Sat, 16 Dec 2000 16:20:43 -0600

I'm trying to figure out what you mean.. :)
Are you talking about removing the "hint" records in named.conf? (even if
this isn't what you are talking about I probably still shouldn't have them
in there anyways.. since this is a internal network..)

zone "." {
type hint;
file "named.ca";
};

Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
Sent: Friday, December 15, 2000 11:27 PM
To: Stolle, Martin
Cc: 'squid-users@ircache.net'
Subject: Re: WG: [SQU] Squid behind firewall - DNS Problem

Stolle, Martin wrote:
>
> -----Ursprüngliche Nachricht-----
> Von: Stolle, Martin
> Gesendet: Freitag, 15. Dezember 2000 16:41
> An: 'Magnus Ullberg'
> Betreff: AW: [SQU] Squid behind firewall - DNS Problem
> Wichtigkeit: Hoch
>
> Try to start squid with
>
> /usr/sbin/squid -sYD
>
> which will prevent the reverse name lookup.

Nope. Only the DNS check during startup.

> -----Ursprüngliche Nachricht-----
> Von: Magnus Ullberg [mailto:UllbergM@abcbank.com]
> Gesendet: Freitag, 15. Dezember 2000 16:29
> An: 'Stolle, Martin'
> Cc: 'squid-users@ircache.net'
> Betreff: RE: [SQU] Squid behind firewall - DNS Problem
>
> I'm using Squid2.3STABLE4
> So do I have to modify the code to have it not do a lookup?

It is better to modify the internal DNS to know that there is no
in-addr.arpa information for other networks. How you do that is by
adding an in-addr.arpa zone with only your internal networks.

If you do not have a internal DNS then make sure Squid knows this.
1. Configure the OS to not use DNS (no /etc/resolv.conf, dns not
mentioned in /etc/nsswitch.conf)
2. Build squid with --disable-internal-dns to switch to the "old" method
using the resolver functions of the OS.

--
Henrik Nordstrom
Squid hacker
--
Henrik Nordstrom
Squid Hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Sat Dec 16 2000 - 15:23:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:00 MST