Hello,
Am 24.9.2013 14:31, schrieb Eliezer Croitoru:
> Hey there,
>
> you can try to define a dst domain regex that will verify the
> destination domain.
>
> I am trying to understand how can you use a proxy and no DNS??
Because our proxy hands all http requests to external (=internet) sites
over to the parent proxy (for doing that, dns is not necessary), direct
access is only possible for internal hosts (this needs dns, this works
fine).
> ... what a reconf to the service does? is it affecting anything at
> all?
What kind of reconfigure do you mean?
> you do have dstdomain acls which can be the source for some of the
> trouble but it's not 100% until tested more.
As far as I understand, dstdomain acls causes dns requests only in case
of a given IP address (making a PTR request to find out the
corresponding domainname)
> can you describe the network environment in more details?
(myNet + internal servers + myProxy) -> (Firewall + parentProxy) ->
internet
> ... The fastest way to deny DNS queries is to lower the way they are
> being
> handled.
I don't want to deny the DNS queries, I think they are not necessary
and I am wondering why squid make these queries.
Kind Regards
Thomas
Received on Tue Sep 24 2013 - 12:57:19 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 25 2013 - 12:00:06 MDT