Joseph Jenkins wrote:
http_port 172.24.245.7:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
access_log /opt/csw/var/logs/access.log squid
logfile_rotate 10
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
acl our_networks src 172.24.160.0/255.255.255.0 172.24.161.0/255.255.255.0 10.52.1.0/255.255.255.0 10.52.5.0/255.255.255.0
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
cache_mgr joseph.jenkins@xxxxxxx
cache_effective_user latsquid
cache_effective_group bin
visible_hostname lauxproxy01.xxx.com
snmp_port 0
icp_port 0
coredump_dir /opt/csw/var/cache
Well, nothing out of the ordinary there.
It should be doing its own resolution from the servers in /etc/resolv.conf
It sounds like behaviour others have spoken of recently as 'working' in
squid 2.5, but has been stopped as a security problem in 2.6.
If it's not that, then I'm stumped on this one.
Amos
On Nov 16, 2007, at 2:45 PM, Amos Jeffries wrote:
Joseph Jenkins wrote:
I verified that the squid cache is not using its own dns resolution
for the clients browsing, instead it is relying on the client's dns
resolution. I verified that the squid cache is able to do dns
resolution. Is there an option that I need to enable in the
squid.conf so that the cache will do dns resolution? Is there
something else I need to install for this?
Should not be.
What is in your squid.conf (without comments) please.
Amos
TIA
On Nov 15, 2007, at 7:15 PM, Amos Jeffries wrote:
How do I verify that the cache is doing the dns resolution and it
isn't relying on the client's dns resolution? So the "it" referred
to setting up the cache to do dns resolution and not to use the client's
dns resolution.
On Nov 15, 2007, at 1:54 PM, Amos Jeffries wrote:
Maybe I am missing this, but I have not been able to find it. How do
I have the squid cache do the dns lookup and use that rather than
trusting the address that the client looks up?
'it' referring to what?
When using a proxy clients rarely ever do DNS lookups themselves.
Amos
Oh. You can:
enable the DNS section of debug logging in cache.log and watch the DNS
lookups in progress.
tcpdump/wireshark the data stream and see who is doing lookup for
domains.
log on the local network's DNS server to see who is looking up what when.
(in recent squid) look in squid's access.log to see where it's requesting
traffic from for any given request.
use 'squidclient mgr:ipcache' to see what squid has resolved each
domain to.
Amos
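
The access.log check suggested above can be scripted. The following is an added example, not part of the original thread: it reads lines in Squid's native log format (the `squid` format named on the `access_log` line) and reports, per requested hostname, the address Squid itself connected to for direct fetches. The sample log lines are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1195252800.123    245 172.24.160.15 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1195252801.456     12 172.24.160.15 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1195252802.789    890 172.24.161.20 TCP_MISS/200 9000 CONNECT secure.example.org:443 - DIRECT/198.51.100.7 -
"""


def host_of(method, url):
    """Return the hostname the client asked for."""
    if method == "CONNECT":
        # CONNECT requests log "host:port" instead of a full URL.
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or ""


def squid_resolved(log_text):
    """Map each requested hostname to the addresses Squid fetched it from."""
    resolved = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # not a complete native-format line
        method, url, hierarchy = fields[5], fields[6], fields[8]
        code, _, peer = hierarchy.partition("/")
        # Only direct fetches show the address Squid resolved and used;
        # cache hits are logged as NONE/- and carry no peer address.
        if code.endswith("DIRECT") and peer != "-":
            resolved[host_of(method, url)].add(peer)
    return dict(resolved)


if __name__ == "__main__":
    for host, addresses in sorted(squid_resolved(SAMPLE_LOG).items()):
        print(host, "->", ", ".join(sorted(addresses)))
```

Comparing these addresses with what the DNS servers in /etc/resolv.conf return for the same names shows whether the proxy's own resolution is being used.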