RE: [squid-users] DNS suffix searching and parent proxy


> -----Original Message-----
> From: Tim Bates [mailto:tin@xxxxxxxxxxxxxxx]
> Sent: Thursday, April 28, 2005 5:40 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] DNS suffix searching and parent proxy
> 
> 
> Hi.
> 
> I have a local fake domain set up, and I also need to make squid use a
> parent proxy. The problem I'm getting is that the "search" option in
> resolv.conf seems to be ignored if a parent proxy is configured. If I
> try to access a host using just its name without the domain, it
> forwards to the parent. If I put the full domain, it doesn't since I have
> a "always_direct allow <local domain acl name>".
> 
> I could simply create a new acl containing all the local server names, 
> but that would be pretty ugly and not very easy to keep in sync with the 
> DNS records.
> 
> Can I make squid do a DNS lookup including the suffix search to
> determine if it's local first? If I can, how? If I can't, any hints on
> how to make it work?
> 
> Tim Bates

Hmm... In your case, I would be tempted to look into the append_domain
directive.

#  TAG: append_domain
#       Appends local domain name to hostnames without any dots in
#       them.  append_domain must begin with a period.
#       
#       Be warned that there today is Internet names with no dots in  
#       them using only top-domain names, so setting this may
#       cause some Internet sites to become unavailable.

If you use something like "append_domain .company.intranet", then you could
use "always_direct allow .company.intranet".  Otherwise, a url_regex like
"^\." would (if I'm not mistaken) match any request without dots.  Testing
would be needed to verify, and I imagine that the append_domain directive is
more efficient.  As a final option (choice is good) you could specify all of
the standard TLDs (both country code, and otherwise), like:

# Available from http://ftp.ics.uci.edu/pub/websoft/wwwstat/country-codes.txt,
# but needs editing to be usable by squid
acl TLDs dstdomain "/path/to/TLDs"

And then use cache_peer_access:

cache_peer_access parent.proxy.server allow TLDs
cache_peer_access parent.proxy.server deny all

OR never_direct:
 
never_direct deny !TLDs
never_direct allow all

Since top level domains are added fairly infrequently, this should not cause
too much trouble... 

*shrug* I'm just pulling these ideas out of the air.  No guarantees.

Chris
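
Added example, not part of the original message and not Squid's own code: a Python sketch of the TLD-list option above, which builds the dstdomain file and then checks which hostnames the TLDs ACL would hand to the parent. The input layout (two-letter code, whitespace, country name), the sample data, the generic TLD list and all function names are assumptions made for illustration.

```python
import re

# Generic TLDs added by hand; assumption: not exhaustive, extend as needed.
GENERIC_TLDS = ["com", "net", "org", "edu", "gov", "mil", "int", "info", "biz"]

# Constructed sample in the assumed layout: code, whitespace, country name.
SAMPLE = """\
# constructed sample, not the real country-codes.txt
au   Australia
DE   Germany
uk   United Kingdom

this line is not an entry
"""

def build_dstdomain_list(text, extra=GENERIC_TLDS):
    """Return sorted, de-duplicated '.tld' lines for a dstdomain ACL file."""
    tlds = set(t.lower() for t in extra)
    for line in text.splitlines():
        # Keep only lines that start with a two-letter code and a name.
        m = re.match(r"^\s*([A-Za-z]{2})\s+\S", line)
        if m:
            tlds.add(m.group(1).lower())
    return sorted("." + t for t in tlds)

def matches_dstdomain(host, entries):
    """Emulate dstdomain: '.tld' matches 'tld' itself and any name under it."""
    host = host.lower().rstrip(".")
    return any(host == e[1:] or host.endswith(e) for e in entries)

def route(host, entries):
    """'parent' if the TLDs ACL matches (peer allowed), otherwise 'direct'."""
    return "parent" if matches_dstdomain(host, entries) else "direct"

if __name__ == "__main__":
    entries = build_dstdomain_list(SAMPLE)
    print("\n".join(entries))  # contents for the file named in the acl line
    for h in ("fileserver", "fileserver.company.intranet",
              "www.example.com.au", "192.168.1.5"):
        print(h, "->", route(h, entries))
```

Names that end in no listed TLD (bare hostnames, the fake local domain, IP literals) come out as "direct", so the same check shows which requests the list would keep away from the parent.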
