Re[2]: [squid-users] reverse DNS by squid when using parent proxy

From: Cliff <cliff@dont-contact.us>
Date: Sat, 16 Feb 2002 20:41:44 -0900

Hello Henrik,

Thursday, February 14, 2002, 3:23:08 AM, you wrote:

HN> Squid only looks up DNS data if it has to by configuration. In this
HN> case if there is domain based access controls.
HN> For example, the following config would trigger a reverse lookup of
HN> IP URL:s even if inside a parent and firewalled...

HN> cache_peer....
HN> never_direct allow all
HN> acl local_domain dstdomain .example.com
HN> always_direct allow local_domain

I'm seeing exactly this...I think.
Squid gets slow and there are reverse lookups happening
for my internal networks, which shouldn't leak out
to the internet. Am I understanding the
implications correctly?

I don't want squid to proxy for both my internal networks
only when the destination is the web server running on
the same box.

So how do I deny proxying for:

eth1 DSL out to the wild
eth0 192.168.1.x milkyway.hom
eth2 192.168.2.x antares.hom

when the requests are going to the same box?
The local webserver is at .222 on both networks
and SolarWinds swears up and down that everything
is fully forward/reversible - no errors on a DNS audit.
192.168.1.222 and 192.168.2.222 are the gateways on the same box.
So there shouldn't be any need for squid to look outside for
a name lookup even if I turn on FQDN logging, right?

Happen to have an example of 2 or more networks ACL?
I'm lost and confused!

Thanks.
Received on Sat Feb 16 2002 - 22:41:49 MST
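
Added example, not part of the original thread and not Squid project code: a small Python check, built on the quoted explanation above, that lists the access rules in a squid.conf whose ACLs are matched by host name and can therefore make Squid issue DNS lookups. The function name `audit`, both sample configs, the `all` ACL line and the `local_web` ACL are assumptions made for illustration.

```python
"""Flag squid.conf access rules that reference name-based ACLs."""

# ACL types Squid matches by host name. Per the quoted explanation, a
# dstdomain ACL makes Squid reverse-resolve IP-literal URLs; the other three
# are listed from squid.conf's own ACL documentation.
NAME_BASED = {"dstdomain", "dstdom_regex", "srcdomain", "srcdom_regex"}


def audit(conf_text):
    """Return (directive, acl_name, acl_type) for each rule using a name-based ACL."""
    acl_types = {}   # ACL name -> type; Squid requires definition before use
    findings = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        if fields[0] == "acl":
            acl_types[fields[1]] = fields[2]
            continue
        # "<directive> allow|deny acl..." or "cache_peer_access <peer> allow|deny acl..."
        verb = next((i for i in (1, 2) if fields[i] in ("allow", "deny")), None)
        if verb is None:
            continue
        for name in fields[verb + 1:]:
            name = name.lstrip("!")          # negated ACL reference
            if acl_types.get(name) in NAME_BASED:
                findings.append((fields[0], name, acl_types[name]))
    return findings


# Constructed sample: the fragment quoted above, with an "all" ACL added so it parses.
QUOTED_FRAGMENT = """
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
acl local_domain dstdomain .example.com
always_direct allow local_domain
"""

# Constructed sample: same rule keyed on the two .222 addresses from the message.
# A dst ACL matches IP-literal URLs without a reverse lookup, but Squid must
# forward-resolve host-name URLs to evaluate it.
ADDRESS_VARIANT = """
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
acl local_web dst 192.168.1.222/32 192.168.2.222/32
always_direct allow local_web
"""

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED_FRAGMENT), ("address", ADDRESS_VARIANT)):
        print(label, audit(conf))
```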
