On Wed, 16 Mar 2005 newsgroups.mail2@xxxxxxxxxxxxx wrote:
Okay, so it seems I'm using the wrong ACL type, but which one would be right?
Which kind of acl to use depends on what data you have.
In most whitelist situations you need to use both dstdomain and dst acls for different portions of the whitelist.
IOW, I don't need the functionality that squid checks if the DNS name a user entered matches the IP in this list, I only need to check if the IP entered by the user is one of the IPs in this list. Would I have to use regular expressions for that, or is there a simpler way?
The best would be to combine a regex matching "any IP" with a dst acl having the IP whitelist. This to ensure the ip based ACL is only used when the user actually requested an IP.
I posted a regex for "requested by IP" matching some days ago.
Also, what I don't understand is why a DNS server that doesn't know the queried IP/DNS, and also doesn't know which other DNS servers to ask, still speeds up the process.
Because it sends a negative response relatively quickly. If not Squid will keep on retransmitting the DNS lookup for some time before giving up.
Regards Henrik
