Re: [squid-users] DNS Related Problem resolved your further guidance is required.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 31 Mar 2010 19:50:23 +1300

GIGO . wrote:
> Dear Amos,
>
> This problem is resolved by disabling following pieces of lines in my
> setup...
>
> #Define Local Servers
> # acl localServers dst 10.0.0.0/8
> # Local server should never be forwarded to neighbour/peers and they
> # should never be cached.
> #always_direct allow localservers
> #cache deny LocalServers
>
> By disabling these directives no dns server is required at all as
> Cache_peer ISA is doing the trick now and ISA servers DNS
> settings(whatever) are being utilized instead right?
>

Yes.

> OK, what was happening when these lines were not commented was that
> Squid was trying to use the above ACL in every request. I do not have a
> very confident picture. Shouldn't it be able to resolve the DNS
> through the settings in my etc/resolv.conf easily?? Or in reality
> was it trying to use the DNS configuration on the ISA server, which has
> external DNS servers configured and therefore has no idea of the
> local network? What is the behaviour? Please guide me.
>

Your Squid was trying to use whatever DNS servers are configured for it
(dns_nameservers or /etc/resolv.conf) to complete that ACL.

Then passing on to ISA, where ISA would use its own DNS servers to do
whatever it has to produce a reply.

  This _should_ not be a huge problem, but apparently one of the Squid
configured servers is broken or unable to resolve the domains in good
enough time.

>
> However, I just wonder what good these lines are for, when users in your
> local net are bound to go to local servers by configuring their
> browsers for "No proxy/bypass for local network web servers settings"

Your understanding seems correct. They only matter when all user traffic
goes through the Squid.
  * The browser can be configured to not use the proxy for local domains.
  * a PAC file can be written to identify local domains and do the same.
  * or Squid can have this type of rule to catch them (though dstdomain
ACL would be better to remove the DNS lookup)

> . Is there a way to go to even local servers through the proxy, as I have
> developed an understanding that for local servers you have to bypass
> the Squid proxy??

No. Squid only needs to know how to get to the server wherever it is,
local or remote makes no difference.
  Perhaps some small speed change between going direct and going
through Squid. Nothing more than that.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.1
Received on Wed Mar 31 2010 - 06:50:37 MDT
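
An added example, not part of the original thread or of anyone's actual configuration: a squid.conf fragment that sets the `dst` rule quoted above beside the `dstdomain` form suggested in the reply. The domain `.corp.example`, the peer name `isa.corp.example`, port 8080 and the `never_direct` line are assumptions made for illustration.

```conf
# Added example. Domain, peer hostname and port are placeholders.

# Parent proxy (the ISA server in the thread).
cache_peer isa.corp.example parent 8080 0 no-query default

# --- As quoted in the thread: match on destination IP ---
# 'dst' compares the resolved address of the requested host, so Squid
# must look up the hostname of every request with its own resolvers
# (dns_nameservers or /etc/resolv.conf) before the ACL can be tested.
# A slow or broken resolver then delays all traffic, not just local.
#acl localServers dst 10.0.0.0/8

# --- Suggested in the reply: match on destination name ---
# 'dstdomain' compares the hostname taken from the URL, so evaluating
# the ACL needs no forward DNS lookup. The leading dot also matches
# subdomains. ACL names are written with one consistent spelling here.
acl localServers dstdomain .corp.example

# Local servers are fetched directly and are never cached.
# Squid still resolves these hosts itself in order to connect to them,
# so its resolvers must know the internal zone.
always_direct allow localServers
cache deny localServers

# Assumption: everything else is sent to the parent, which resolves
# names using its own DNS settings.
never_direct allow all
```

After editing, `squid -k parse` checks the file for syntax errors before the running instance is reconfigured.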
