Re: [squid-users] Re: General Question in DNS with squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 19 Aug 2013 18:54:49 +1200

On 19/08/2013 5:46 p.m., Ahmad wrote:
> Well,
>
> Up till now I'm understanding that DNS on Squid is needed when putting port
> and IP on clients' browsers,
> but up till now not understanding how DNS queries will be forwarded to Squid
> when using WCCP?

DNS is not used as part of the forwarding. It is used by Squid for
security checks to ensure the Host: header is valid and whether it is
safe to cache for future HIT traffic (or if it is a possible
CVE-2009-0801 attack and to treat it carefully).

> Assume that I'm using WCCP with TPROXY.
>
> How will DNS queries from clients go to Squid?

They do not.

1) Client does DNS to figure out where to send the HTTP request and
sends it there

2) WCCP intercepts the packets and sends them to Squid.

3) Squid does DNS to determine if the client was going to the right server:

3a) if yes, the results from (3) are used instead of those from (1).

3b) if no, the client's destination IP is used.

If you read the FAQ on interception proxy
(http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Concepts_of_Interception_Caching)
you will notice the problem list states that it doubles the load on your
DNS servers. That doubling comes from step (1) and step (3) both being
required.

> Assuming that each client has its own DNS configured?

Yes, the client needs DNS set up. Otherwise step (1) of the above would
not work and the client would simply display "Unable to resolve ..." errors.

If Squid does not also have DNS, the client still gets service from
ORIGINAL_DST sources, but the HIT ratio disappears as no requests can be
determined safe to cache.

Amos
Received on Mon Aug 19 2013 - 06:54:54 MDT
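
The check in step (3) of the reply above, sketched as an added example that is not part of the original message and is not Squid's own code. The names `verify_intercepted`, `Decision` and the resolver callbacks are hypothetical, the addresses are constructed documentation-range values, and treating a mismatch as not safe to cache is this model's reading of "treat it carefully".

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hypothetical resolver type: returns the address records for a name,
# or None when the proxy has no usable DNS answer.
Resolver = Callable[[str], Optional[List[str]]]

@dataclass
class Decision:
    upstreams: List[str]  # addresses the proxy may forward the request to
    cacheable: bool       # may the response serve future HITs?
    reason: str

def verify_intercepted(host_header: str, orig_dst: str, resolve: Resolver) -> Decision:
    """Model of step (3): compare the Host: header with the packet's destination."""
    # Assumption: Host carries a DNS name with an optional ":port" suffix.
    name = host_header.rsplit(":", 1)[0] if host_header.count(":") == 1 else host_header
    dst = ipaddress.ip_address(orig_dst)
    # Normalise textual forms so equal addresses compare equal.
    records = [ipaddress.ip_address(r) for r in (resolve(name.lower()) or [])]
    if not records:
        # Proxy has no DNS answer: relay to ORIGINAL_DST, nothing is safe to cache.
        return Decision([str(dst)], False, "unresolved")
    if dst in records:
        # 3a) client was going to the right server: the proxy's DNS results are used.
        return Decision([str(r) for r in records], True, "host-verified")
    # 3b) Host: and destination disagree: use the client's destination IP only.
    # Model assumption: such a response is not marked safe to cache.
    return Decision([str(dst)], False, "host-mismatch")

# Constructed sample zone (RFC 5737 documentation addresses).
SAMPLE_ZONE = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}

def sample_resolver(name: str) -> Optional[List[str]]:
    return SAMPLE_ZONE.get(name)

def no_dns(name: str) -> Optional[List[str]]:
    return None  # proxy without DNS configured

if __name__ == "__main__":
    for host, dst, res in [
        ("www.example.com", "192.0.2.10", sample_resolver),   # matches a record
        ("www.example.com", "203.0.113.5", sample_resolver),  # forged or stale Host:
        ("www.example.com:80", "192.0.2.11", no_dns),         # proxy has no DNS
    ]:
        print(host, dst, verify_intercepted(host, dst, res))
```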
