Re: [squid-users] why is the UDP port for DNS queries kept "open"?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 26 Mar 2002 13:58:04 +0100

Squid really should be changed to use "connected" UDP sockets, one per
configured DNS server, rather than an anonymously bound UDP socket.

The udp_outgoing_address or (indirectly) udp_outgoing_address is meant
to be able to control which IP Squid opens the DNS client port at.

Regards
Henrik Nordström
Squid Developer

David Banz wrote:
>
> Hello!
>
> I am using Squid 2.3stable4 (configured so that Squid does DNS lookups
> itself), and I was wondering why the UDP port used by Squid for this purpose
> is constantly kept "open" until Squid is shut down.
> Wouldn't it be safer to use a separate UDP port for each new DNS query, which
> is closed after the query has been answered or a timeout has occurred?
> Personally, I don't like the idea of having a port accepting incoming data
> all the time, which I cannot hide behind a firewall.
> (Sorry if my terminology might be a bit incorrect, but I hope you still get
> the idea...)
>
> --
> David Banz
Received on Tue Mar 26 2002 - 06:12:51 MST
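
The difference between the two socket styles discussed in this thread, as an added example that is not part of either message and is not Squid's code: an anonymously bound UDP socket accepts datagrams from any sender, while a socket connect()ed to one resolver only receives datagrams from that resolver's address and port. All names, payloads and the loopback setup are constructed for the illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed setup: every endpoint lives on loopback


def _udp():
    """Create a UDP socket bound to an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    return s


def received_by_client(connected):
    """Return the set of payloads the client's DNS socket accepts.

    connected=False: anonymously bound socket, open to any sender.
    connected=True:  socket connect()ed to a single resolver.
    """
    resolver = _udp()  # stand-in for the configured DNS server
    other = _udp()     # any other host able to reach the client port
    client = _udp()    # the long-lived DNS client port
    try:
        if connected:
            # From here on the kernel only queues datagrams whose source
            # address and port match the resolver.
            client.connect(resolver.getsockname())
        client.settimeout(0.5)
        dest = client.getsockname()
        other.sendto(b"from-other", dest)
        resolver.sendto(b"from-resolver", dest)
        got = set()
        try:
            while True:
                data, _ = client.recvfrom(512)
                got.add(data)
        except socket.timeout:
            pass  # nothing more queued for this socket
        return got
    finally:
        for s in (resolver, other, client):
            s.close()


if __name__ == "__main__":
    print("anonymously bound:", sorted(received_by_client(False)))
    print("connected:        ", sorted(received_by_client(True)))
```

The filtering is on source address and port only; it does not authenticate the payload, so query ID checks on the replies are still needed.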
