On Apr 11, 2005 6:58 PM, Ben Wylie <squid@xxxxxxxxxxxxxx> wrote:
> I am thinking of installing Squid as a caching http proxy.
> I have just installed a DNS server (TreeWalk) which not only
> caches the DNS queries, but apparently it makes sure that the
> servers it polls for DNS records are authoritative,
> meaning that it is safer and less likely to be subject to DNS
> poisoning (as I understand it).

Interesting. If this is all behind a firewall, you might consider
setting your TreeWalk server(s) as the DNS server for all your
protected hosts, and enforce this by setting a firewall rule such
that only the TreeWalk server(s) can make outbound connections on
TCP or UDP port 53.

> This is all on Windows 2003 by the way.
> I was going to install the Windows port from:
> http://www.acmeconsulting.it/SquidNT.htm
>
> Is there a way to make sure that my applications use TreeWalk
> as their DNS server but Squid as the Caching proxy?
> Perhaps some way to get Squid to use TreeDNS instead of its
> own dns server?

If you can configure your client hosts to use the Squid cache as an
"explicit" HTTP proxy (not in transparent/redirected mode), then the
clients should no longer be attempting to resolve DNS names to IP
addresses themselves, but rather they should just hand off the
original hostname to Squid in the proxy-HTTP request, and let Squid
do the name resolution.

Assuming this is the case, then all you need to do is make sure that
your SquidNT is using your TreeWalk nameserver for its lookups, and
you should be all set.

You might research Proxy Automatic Configuration (PAC) scripts as one
option to direct clients to do the right thing (go direct, use a
caching proxy, roll over and play dead) for particular URLs.

Kevin Kadow
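
An added example, not part of the original message: a PAC file for the explicit-proxy setup described above, written so the client never resolves a name itself while deciding where to send a request. The proxy host `squid.example.internal` and the internal suffix `.example.internal` are assumptions; 3128 is Squid's default port.

```javascript
// Added example PAC file. Host names and the internal suffix are assumptions.
var PROXY = "PROXY squid.example.internal:3128"; // hypothetical Squid host, default port 3128
var DIRECT_SUFFIXES = [".example.internal"];     // hypothetical internal DNS suffix

// True only for a dotted-quad literal in a private or loopback range.
// Pure string test: no isInNet()/dnsResolve(), which would make the client query DNS.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var o = [];
  for (var i = 1; i <= 4; i++) {
    o.push(parseInt(m[i], 10));
    if (o[i - 1] > 255) return false;
  }
  return o[0] === 10 || o[0] === 127 ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168);
}

// Suffix match anchored on a leading dot, so "x.example.internal.other.test" fails.
function hasSuffix(host, suffix) {
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (no dot, not an IPv6 literal) are LAN hosts.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isPrivateIPv4Literal(host)) return "DIRECT";
  for (var i = 0; i < DIRECT_SUFFIXES.length; i++) {
    if (hasSuffix(host, DIRECT_SUFFIXES[i])) return "DIRECT";
  }
  // No "; DIRECT" fallback: if Squid is down the request fails instead of
  // the client resolving the name itself and bypassing the proxy.
  return PROXY;
}
```

Combined with the port-53 firewall rule, a client that ignores this PAC file still cannot resolve external names on its own.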