[squid-users] Re: SQUID in TPROXY - do not resolve

Amos Jeffries-2 wrote
> On 24/10/2013 6:44 a.m., Plamen wrote:
>> Yes,
>>
>> this is one of the problems I'm also experiencing,
>>
>> the customer is using different DNS than the Squid, and he complains
>> because
>> he says - without your SQUID I can open xxxx web page, but with your
>> SQUID
>> it's not opening.
>
> Ah. So the real problem is "Why is it not opening for Squid?"
>
> The current releases of Squid *do* use the client provided destination
> IP. The DNS resolution is only to determine whether the response is
> cacheable and if alternative IPs may be tried as backup _if_ the client
> given one is unable to connect by Squid.

Hi Amos,

thanks for the valuable feedback.

Do I need to do something specific to get this behavior of Squid where it
uses the dst provided IP, like some directive in config has to be enabled or
it is default behavior?

In this scenario, what happens if the DNS servers configured in SQUID stop
responding for some reason for some period of time (or they become
unreachable), will the traffic continue to pass normally or the users will
start getting errors and they will not be able to browse anymore?

I will give you real life example that I'm trying to resolve.

The ISP is having 2 Upstream providers.
The SQUID is running in TPROXY mode, and the squidbox has an IP address from
Upstream 1 and respectively uses this IP to contact DNS servers.

When both upstream providers are working - everything is smooth in terms of
HTTP traffic.

When Upstream 1 goes down for some reason, for a period of time, the
customers which are provisioned with IPs belonging to UPSTREAM 2 also get
affected because the SQUID cannot do DNS lookups anymore.

I'm trying to resolve this kind of issues.

In such cases the caching part for the period of time when no DNS is
available, doesn't really bother me but mostly we are looking for a way not
to disturb the users of Upstream 2.

Thanks in advance.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-in-TPROXY-do-not-resolve-tp4662819p4662852.html
Sent from the Squid - Users mailing list archive at Nabble.com.