Re: [squid-users] solved - dns timeout , but working dns servers. Unable to determine IP address from host name

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 06 Dec 2007 14:06:27 -0900

phil curb wrote:
> ok, amos. there have been some developments, based on
> what you wrote.. I couldn't find anything of your
> reply to say yes to..
>
> Removing dns_nameservers from squid.conf, so it is
> like default.
>
> When I set windows to get IP automatically, and DNS
> manually..
>
> If I set DNS to 192.168.0.1 Then wireshark shows DNS
> working normally..
> comp to 192.168.0.1
> 192.168.0.1 to comp
> I can browse (without squid).
> And squid works too (I can browse with squid)
>
> If I set comp DNS to 10.0.0.138, then Wireshark shows
> DNS working funny, like I described in my post.
> I can browse.
> and squid does not work
> (hence the dns_nameserver workaround)
>
> Remember.. When I got DNS automatically, I got
> 10.0.0.138 Same thing as setting it manually to
> 10.0.0.138. same behaviour.
>
> Looking at wireshark, the reason is probably that
> windows can handle the funny DNS involving 2 ips even
> when it is only given one ip as DNS server. Whereas
> squid cannot handle that. Hence the dns_nameserver
> workaround worked when specifying both DNS ips.
>

More specifically, Squid takes the secure route and only accepts a DNS
response from the same server it asked. Windows takes the convenient
route and accepts a DNS response from anyone.

What I think Amos was saying is that your NAT router should either
answer DNS queries from the same IP that receives the query, or it
should give the proper address for "option domain-name-servers" in
DHCP. Accepting DNS queries on one IP and replying on another is
weird. I wonder if the HTTP connection to 10.0.0.38 does the same
thing. Would that even work with a TCP stream?

> note- had to close and start squid (not IE) after any
> change in windows DNS settings, for DNS change to take
> effect.
>

Chris
Received on Thu Dec 06 2007 - 16:07:00 MST
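
The acceptance rule discussed in this message, shown as an added example that is not part of the original e-mail and is not Squid's own code: a stub-resolver check that drops a UDP reply unless it comes from the address that was queried. The function names and sample packets are constructed, the reply arriving from 192.168.0.1 is an assumption based on the two addresses in the thread, and the transaction ID and question checks go beyond the source-address rule the message describes.

```python
import struct

def build_query(txid, name):
    """Encode a minimal DNS query for an A record (header plus one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_reply(query):
    """Constructed reply: echoes ID and question, sets QR/RD/RA, carries no answers."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + query[12:]

def accept_reply(query, asked, reply, source):
    """Return (accepted, reason); `asked` and `source` are (ip, port) tuples."""
    if source[0] != asked[0]:
        return False, "reply from %s but query went to %s" % (source[0], asked[0])
    if source[1] != asked[1]:
        return False, "reply from unexpected source port %d" % source[1]
    if len(reply) < 12:
        return False, "packet shorter than a DNS header"
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, r_flags = struct.unpack("!HH", reply[:4])
    if not r_flags & 0x8000:
        return False, "QR bit clear, not a response"
    if r_id != q_id:
        return False, "transaction ID mismatch"
    # The question must be echoed back (names compare case-insensitively).
    if reply[12:len(query)].lower() != query[12:].lower():
        return False, "question section mismatch"
    return True, "accepted"

# Constructed sample data, using the two addresses from the thread.
ASKED = ("10.0.0.138", 53)
QUERY = build_query(0x1A2B, "www.example.com")

def demo():
    good = build_reply(QUERY)
    stale = build_reply(build_query(0x9999, "www.example.com"))
    return [
        accept_reply(QUERY, ASKED, good, ASKED),                # same server
        accept_reply(QUERY, ASKED, good, ("192.168.0.1", 53)),  # other address
        accept_reply(QUERY, ASKED, stale, ASKED),               # wrong ID
    ]

if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "DROP  ", reason)
```

A resolver that skips the first check accepts the second case, which is the behaviour the message attributes to Windows.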
