RE: [squid-users] Squid DENY access "www.Symantec.com"

>
> Actually the problem is that the squid can not permit access in web when
> the DNS name of web page is resolved in more than one IP address.
>
> for example: nslookup www.symantec.com
>
> Server: zeus.tesyd.teimes.gr
> Address: 10.0.0.220
> Non-authoritative answer:
> Name: a568.d.akamai.net
> Addresses: 212.205.43.22, 212.205.43.31, 212.205.43.38, 212.205.43.6
> 212.205.43.29, 212.205.43.23
> Aliases: www.symantec.com, www.symantec.d4p.net
> symantec.georedirector.akadns.net
>
> My local DNS server can reply in this query.
> "What do I have to do for facing this problem?"

I don't think it's the IPs which are the problem.

Since DNS admin started getting paranoid about recursive resolvers this
year it's become common to see recursive resolvers which are unable to
recurse CNAME results properly.

It looks to me like www.symantec.com chains through two CNAME domains (
www.symantec.com -> www.symantec.d4p.net ->
symantec.georedirector.akadns.net ) in order to retrieve those IPs. Squid
depends on the DNS resolver to do any such recursion.
nslookup and such tools will often 'helpfully' do the recursion themselves
when the DNS resolver fails.

Amos

>
> ----------------------------------------
>> Date: Fri, 1 May 2009 09:01:59 +0800
>> From: pangj_at_arcor.de
>> To: poly_pan78_at_hotmail.com
>> CC: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Squid DENY access "www.Symantec.com"
>>
>> panagiotis polychronopoulos 写道:
>>>
>>> Hi to everyone
>>> I have a problem. The squid do not permit access to www.symantec.com
>>> portal becouse can not resolve the DNS. How i could solve the mystery?
>>>
>>
>> use a correct DNS for squid or create a host entry for that domain
>> name.
>>
>> Regards.
> _________________________________________________________________
> Έχετε Messenger; Έχετε και Windows Live. Μάθετε
> περισσότερα.
> http://microsoft.com/windows/windowslive
Received on Sat May 02 2009 - 05:18:22 MDT