Hello list, I'm seeing a very odd thing with one website, something which I can't explain at all. It only happens with Squid, if I bypass Squid everything works as normal. We are trying to access a website: example.com. This domain name is resolvable both on the Internet and on our nationwide WAN. We have to go through our WAN, because only then can we use the web application hosted there. This is not available to the general public. So far, easy enough. Just route traffic the right way and things should be okay. Only thing is: we have done so, but Squid doesn't seem to understand. Let me clarify: Example.com resolves as 123.123.123.123 for our WAN. It resolves as 200.200.200.200 on the Internet. The Squid machine queries two DNS servers, both hosted internally. Both DNS servers have example.com/123.123.123.123 in their forward lookup zone. Doing an nslookup example.com on the Squid machine gives: Server: x.x.x.x (ip address of internal DNS) Address: x.x.x.x (same) Name: example.com Address: 123.123.123.123 So far so good. The Squid machine knows the right address for example.com. Our firewall is configured to route all traffic to 123.123.123.123 to our WAN router instead of Internet router. If I do a traceroute on the Squid machine to example.com, I first see our firewall, then the next hop is the WAN router, so traffic gets routed the right way. If I bypass Squid and use Lynx on the Squid machine to go to example.com, it shows me the login page of the web application. But...if I use a client computer and connect through Squid to http://example.com, I see the following request line in /var/log/squid/access.log: 1195033488.299 179843 x.x.x.x TCP_MISS/504 1503 GET http://example.com/ <username> DIRECT/200.200.200.200 text/html As you can see, Squid tries to grab the page from the Internet address, not from the WAN address. This does not work, and results in a time-out. But my question is: where does Squid get the Internet IP address? I have tried to purge all references to example.com using squidclient, but it just tells me 404, not found. Which is normal, since it can't connect to the site. I have restarted the NSCD daemon, which should purge the DNS cache. Any ideas where to look? Thanks, Joop ------------------------------------------------------------ Dit bericht is gescand op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn. Mailscanner door http://www.prosolit.nl Professional Solutions fot IT
