Re: [squid-users] DNS weirdness?

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 14 Nov 2007 23:29:51 +1300

J Beris wrote:
> Hello list,
>
> I'm seeing a very odd thing with one website, something which I can't
> explain at all. It only happens with Squid, if I bypass Squid everything
> works as normal.
>
> We are trying to access a website: example.com.
> This domain name is resolvable both on the Internet and on our
> nationwide WAN. We have to go through our WAN, because only then can we
> use the web application hosted there. This is not available to the
> general public. So far, easy enough. Just route traffic the right way
> and things should be okay. Only thing is: we have done so, but Squid
> doesn't seem to understand. Let me clarify:
>
> Example.com resolves as 123.123.123.123 for our WAN. It resolves as
> 200.200.200.200 on the Internet. The Squid machine queries two DNS
> servers, both hosted internally. Both DNS servers have
> example.com/123.123.123.123 in their forward lookup zone. Doing an
> nslookup example.com on the Squid machine gives:
> Server: x.x.x.x (ip address of internal DNS)
> Address: x.x.x.x (same)
>
> Name: example.com
> Address: 123.123.123.123
>
> So far so good. The Squid machine knows the right address for
> example.com. Our firewall is configured to route all traffic to
> 123.123.123.123 to our WAN router instead of Internet router.
>
> If I do a traceroute on the Squid machine to example.com, I first see
> our firewall, then the next hop is the WAN router, so traffic gets
> routed the right way.
>
> If I bypass Squid and use Lynx on the Squid machine to go to
> example.com, it shows me the login page of the web application.
>
> But...if I use a client computer and connect through Squid to
> http://example.com, I see the following request line in
> /var/log/squid/access.log:
> 1195033488.299 179843 x.x.x.x TCP_MISS/504 1503 GET http://example.com/
> <username> DIRECT/200.200.200.200 text/html
>
> As you can see, Squid tries to grab the page from the Internet address,
> not from the WAN address. This does not work, and results in a time-out.
> But my question is: where does Squid get the Internet IP address?

From the NS listed in /etc/resolv.conf, or squid.conf:dns_nameservers

> I have tried to purge all references to example.com using squidclient,
> but it just tells me 404, not found. Which is normal, since it can't
> connect to the site.
> I have restarted the NSCD daemon, which should purge the DNS cache.
>
> Any ideas where to look?

Which squid version?

tcp_outgoing_address - if one is set make sure the FW route for _that_
IPA to 123.123.123.123 is working correctly.

dns_nameservers - if set the NS listed _ALL_ resolve the IPA to
123.123.123.123
        - if not set the /etc/resolv.conf NS _ALL_ do the same.

Any special routing for example.com or the WAN IP ranges in the
squid.conf file itself?

If present, check it works. If not, you may need to configure some (you should
not have to if DNS is providing the right details).

To see what squid has you can check:
        squidclient mgr:ipcache | grep "example.com"
        squidclient mgr:fqdncache | grep "example.com"

Amos
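The checks Amos lists above (which nameservers Squid actually uses, what its ipcache currently holds, and which peer address the access.log line shows) can be run offline against captured output. The script below is an added example written for this page; it is not code from the thread or from the Squid project. It assumes the native access.log format shown in the post, that a dns_nameservers line in squid.conf overrides /etc/resolv.conf (which is how Squid behaves), and it takes a tolerant view of the mgr:ipcache report: the hostname is the first token on a line and any later token that parses as an IP address is taken as a cached address. All sample inputs, including the ipcache text and the log line, are constructed and are not verbatim Squid output.

```python
"""Offline checker for the Squid DNS mismatch described in the thread.

Added example, not from the original post or the Squid project.  Assumes:
  - dns_nameservers in squid.conf overrides /etc/resolv.conf;
  - access.log is in Squid's native format;
  - mgr:ipcache lists one hostname per line followed by its addresses.
"""
import ipaddress


def _is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def squid_nameservers(squid_conf, resolv_conf):
    """Resolvers Squid will use: every dns_nameservers directive in squid.conf
    (comments stripped); if none is set, the nameserver lines of resolv.conf."""
    configured = []
    for line in squid_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("dns_nameservers"):
            configured.extend(line.split()[1:])
    if configured:
        return configured
    return [l.split()[1] for l in resolv_conf.splitlines()
            if l.strip().startswith("nameserver") and len(l.split()) > 1]


def ipcache_addresses(mgr_output, hostname):
    """Addresses Squid currently holds for hostname in `squidclient mgr:ipcache`.
    Only tokens that parse as IPs are taken, so column layout does not matter."""
    hits = []
    for line in mgr_output.splitlines():
        toks = line.split()
        if toks and toks[0].lower() == hostname.lower():
            hits.extend(t for t in toks[1:] if _is_ip(t))
    return hits


def access_log_peer(line):
    """From a native-format access.log line return (code/status, hierarchy, peer).
    Fields: time elapsed client code/status bytes method URL ident hier/peer type."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError("not a native-format access.log line")
    hier, _, peer = fields[8].partition("/")
    return fields[3], hier, peer


def diagnose(hostname, expected_ip, squid_conf, resolv_conf, mgr_output, log_line):
    """Return a list of findings; an empty list means everything agrees."""
    findings = []
    ns = squid_nameservers(squid_conf, resolv_conf)
    if not ns:
        findings.append("no nameservers configured: Squid cannot resolve anything")
    cached = ipcache_addresses(mgr_output, hostname)
    if cached and expected_ip not in cached:
        findings.append("ipcache holds %s for %s, not %s: query each of %s "
                        "directly and flush the entry" % (cached, hostname, expected_ip, ns))
    code, hier, peer = access_log_peer(log_line)
    if hier == "DIRECT" and peer != expected_ip:
        findings.append("access.log shows %s going DIRECT to %s, expected %s"
                        % (code, peer, expected_ip))
    elif hier != "DIRECT":
        findings.append("request went via %s/%s: a cache_peer, not Squid's own "
                        "DNS, chose the destination" % (hier, peer))
    return findings


# Constructed samples (hypothetical; not copied from the original post).
SAMPLE_SQUID_CONF = "http_port 3128\n# dns_nameservers 10.0.0.53 10.0.0.54\n"
SAMPLE_RESOLV_CONF = "search corp.example\nnameserver 10.0.0.53\nnameserver 10.0.0.54\n"
SAMPLE_IPCACHE = """\
IP Cache Contents:

 Hostname                        Flg lstref    TTL  N
 example.com                          12    3600  1  200.200.200.200
 intranet.corp.example                 3     300  1  10.1.2.3
"""
SAMPLE_LOG = ("1195033488.299 179843 10.9.8.7 TCP_MISS/504 1503 GET http://example.com/ "
              "jberis DIRECT/200.200.200.200 text/html")

if __name__ == "__main__":
    for finding in diagnose("example.com", "123.123.123.123", SAMPLE_SQUID_CONF,
                            SAMPLE_RESOLV_CONF, SAMPLE_IPCACHE, SAMPLE_LOG):
        print("-", finding)
```

With the constructed inputs the checker reports two findings: the ipcache entry for example.com is the Internet address rather than the WAN one, and the logged request went DIRECT to that same address. That is exactly the situation in the post, and it points at the resolvers in squid_nameservers(): each of them must be queried (for example with dig @10.0.0.53 example.com) and return the WAN address before flushing the ipcache entry will help.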
Received on Wed Nov 14 2007 - 03:29:50 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST