RE: WG: [SQU] Squid behind firewall - DNS Problem

From: Magnus Ullberg <UllbergM@dont-contact.us>
Date: Sun, 17 Dec 2000 09:35:53 -0600

Ok, I'll give that a try.. btw, do you see any problems with the code I sent?
I'll probably use that code until I figure out how to set up DNS correctly..

Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

 -----Original Message-----
From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
Sent: Saturday, December 16, 2000 11:07 PM
To: Magnus Ullberg
Cc: 'squid-users@ircache.net'
Subject: Re: WG: [SQU] Squid behind firewall - DNS Problem

No and yes. If you have an internal DNS system which cannot speak to the
outside world then you should create your own DNS root. This involves
the hints, the zone "." and all your internal data.

What I was actually talking about was to create the zone arpa.inaddr for
reverse lookups, to cheat the DNS server to know that there is no
reverse lookup information available except for your own networks.

--
Henrik Nordstrom
Squid hacker

Magnus Ullberg wrote:
> 
> I'm trying to figure out what you mean.. :)
> Are you talking about removing the "hint" records in named.conf? (even if
> this isn't what you are talking about I probably still shouldn't have them
> in there anyways.. since this is an internal network..)
> 
> zone "." {
>        type hint;
>        file "named.ca";
> };
> 
> Magnus Ullberg
> Network Coordinator
> 
> Area Bancshares Corporation
> Networking Department
> 230 Frederica St.
> Owensboro, KY 42301
> 
>  -----Original Message-----
> From:   Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent:   Friday, December 15, 2000 11:27 PM
> To:     Stolle, Martin
> Cc:     'squid-users@ircache.net'
> Subject:        Re: WG: [SQU] Squid behind firewall - DNS Problem
> 
> Stolle, Martin wrote:
> >
> > -----Original Message-----
> > From: Stolle, Martin
> > Sent: Friday, 15 December 2000 16:41
> > To: 'Magnus Ullberg'
> > Subject: AW: [SQU] Squid behind firewall - DNS Problem
> > Importance: High
> >
> > Try to start squid with
> >
> > /usr/sbin/squid -sYD
> >
> > which will prevent the reverse name lookup.
> 
> Nope. Only the DNS check during startup.
> 
> > -----Original Message-----
> > From: Magnus Ullberg [mailto:UllbergM@abcbank.com]
> > Sent: Friday, 15 December 2000 16:29
> > To: 'Stolle, Martin'
> > Cc: 'squid-users@ircache.net'
> > Subject: RE: [SQU] Squid behind firewall - DNS Problem
> >
> > I'm using Squid2.3STABLE4
> > So do I have to modify the code to have it not do a lookup?
> 
> It is better to modify the internal DNS to know that there is no
> in-addr.arpa information for other networks. How you do that is by
> adding an in-addr.arpa zone with only your internal networks.
> 
> If you do not have an internal DNS then make sure Squid knows this.
> 1. Configure the OS to not use DNS (no /etc/resolv.conf, dns not
> mentioned in /etc/nsswitch.conf)
> 2. Build squid with --disable-internal-dns to switch to the "old" method
> using the resolver functions of the OS.
> 
> --
> Henrik Nordstrom
> Squid hacker
> 
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Sun Dec 17 2000 - 08:39:07 MST
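
The in-addr.arpa zone suggested in the replies above, written out as an added example that is not part of the original thread or of any poster's configuration. It assumes BIND, an internal network of 10.0.0.0/8, a name server called ns.internal.example and the file names shown; all of these are placeholders.

```conf
// named.conf fragment (BIND). Assumed placeholders: internal network
// 10.0.0.0/8, server name ns.internal.example, and the zone file names.

// Make this server authoritative for the whole reverse tree. A PTR query
// for any address outside the internal networks then gets an immediate
// authoritative "no such name" answer instead of waiting on root servers
// that the firewall makes unreachable.
zone "in-addr.arpa" {
        type master;
        file "db.in-addr.arpa";
};

// Reverse zone holding the PTR records for the internal network.
zone "10.in-addr.arpa" {
        type master;
        file "db.10";
};

/*
   Contents of db.in-addr.arpa (zone file syntax, shown as a comment so
   this fragment stays valid named.conf):

   $TTL 86400
   @    IN SOA ns.internal.example. hostmaster.internal.example. (
                2000121701  ; serial
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-answer TTL
        IN NS  ns.internal.example.
   10   IN NS  ns.internal.example.  ; delegation to the internal zone

   db.10 carries its own SOA and NS records plus one PTR record per
   internal host.
*/
```

Only reverse lookups are affected by this fragment; forward lookups still follow whatever hint or root zone the server has configured.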