Our setup works fine in this situation:
Squid asks the internal DNS. The internal DNS forwards all unknown
unknown request the external DNS, but resolvs all local stuff. If you
want to take load from your internal DNS, you can put a caching DNS on
the squid box.
Anyone who uses the automatic proxy config is bypassing the squid for
local sites.
Additionally all internal sites are not cached (matched with ip-acl =
all non-public adresses 192.168.0.0/16 and so on) for those who insist
of using the proxy for all traffic.
Be careful not to leak internal DNS-Information into the world with this
setup.
Regards, Hendrik Voigtländer
ashish.uchil@tcs.com wrote:
>
>
>
> Greetings all ..
>
> I have a typical problem.
> I have configured squid for internet access.
> All Intranet(inside our organizations) sites are bypassed at the browser
> itself for most of the Users.
> But some users who work on a physically separate network but access our
> squid cannot have these addresses bypassed.
> Thus when they try to access Intranet sites ,they hit the Squid which tries
> to Query the Internet DNS configured and thus results no IP address and the
> request dies.
> Is there anyway in which i can tell the Squid to refer to our Intranet DNS
> for this particular Intranet URL/URL's ?
> I guess entry in the hosts file does not help !!
>
> Regards ,
>
> Ashish Uchil
>
>
>
>
> ------------------------------------------------------------------------
>
> DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery
> of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the
> addressee. Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services
> on any subject matter. Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other
> information contained in this message that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error,
> you should destroy this message and may please notify the sender by e-mail. Thank you.
>
Received on Tue May 18 2004 - 13:09:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT