I'm installing some new Squid servers on our LAN, and am trying to clean up
some minor niggles I've always had with our environment.
We're behind a firewall, and cannot do DNS lookups on Internet hosts - only
internal addresses. The Squid servers are configured to go directly to
internal trimble.co.nz addresses, and everything else should be redirected
to our external Squid server - which does have Internet access.
However, the internal Squid servers still do DNS lookups for the Internet
addresses before passing the query off to the external server. I assume
that's because I've got rules like:
acl Internal dstdom trimble.co.nz 1.2.3
meaning *.trimble.co.nz and 1.2.3.anything are internal addresses. I guess
that Squid has to resolve any names in URLs it sees to see if they match
1.2.3?
Anyway, I went through and removed any occurrance of IP addresses from "dst"
style acls, and yet the problem remains...
Is there any other reason why Squid needs to lookup names when it already
has enough info to go to the parent? After all, after doing the failed DNS
lookup, it goes to the parent anyway - so why bother?
Squid 2.4-STABLE1 under Redhat 7.1
-- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417Received on Tue May 01 2001 - 22:49:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:47 MST