Re: [squid-users] General Question in DNS with squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 18 Aug 2013 19:25:39 +1200

On 12/08/2013 10:39 p.m., Ahmad wrote:
> hi ,
>
> this is a general networking question about DNS ,
>
> my question is as shown :
>
> now assume im a pc have ip , gateway , DNS configured on my lan card ,
>
> now assume i requested Google.com ,
> as i learned in networking ==> Google.com is send to my dns server so
> that DNS server resolve it to ip
> after it is resolved i will go to dst ip of google with dst port 80 , assume
> it is "80" http :)
>
> assume there was transparent squid between google.com and internet , it mean
> i will go to that squid cache and be served .
>
>
>
> but my question again , why squid can resolve DNS queries ??????

Because several reasons ... the normal operation is for the browser
client to be configured to use an explicit proxy. So there is no DNS
lookup done on the client, it just sends the proxy the request with URL
details. The proxy does the DNS in that case.

The intercepting Squid does security checks to ensure the requested
domain is actually where the client was going. The result of that check
determines what that Squid is allowed to do with the traffic (if it is
safe to cache for other clients use, or safe to route at closer IP address).

> as i understand it is not a squid work to resolve names to ips , it is
> work of DNS servers ,
>
> so why in squid we have dns configs ??

Squid needs to send questions to the DNS servers like any other
networking software. So there are settings controlling what it asks, and
how.

> is it mandatory to put DNS in some occasions ??? wish to know them if there
> were
>
> note i use WCCP with Tptoxy .

Yes it is mandatory for forward and interception mode traffic. See
above. It is optional for reverse-proxy, but sometimes useful there too.

Amos
Received on Sun Aug 18 2013 - 07:25:42 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 19 2013 - 12:00:26 MDT