tor 2007-04-26 klockan 11:16 -0400 skrev Michael W. Lucas: > Packet sniffing shows that the client is talking to the proxy, but the > client is also trying all of its DNS servers to resolve the hostname > of the Web site. With complex Web sites this can take a while -- for > example, the front page for www.cnn.com has several hostnames in it. > I suspect this is causing the very slow access. Should not, assuming the private DNS has a proper private root zone allowing it to promptly reject DNS queries for other domains with "Domain does not exists". This is needed for any IP based proxy.pac rules to work proper, if not they will get significant delays due to DNS trying to resolve external names and the DNS servers not knowing what to do.. > Do other people see this behavior? What did you do? Surely we're not > the first people to use Squid, IE, and private DNS? Have run it very successfully at different customers. Technically it's no different from having a public DNS, in many cases even a lot more efficient as the internal DNS infrastructure does not get clogged with external DNS data and the clients do not need to wait for external DNS lookups just to find if a site is internal or not.. Drawback from having an private unconnected DNS infrastructure is that the "hack" of returning "DIRECT" on unresolvable domains obviously doesn't work so users will see the proxy error instead of the browser error when they type wrong.. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
