phil curb wrote:
ok, amos. there have been some developments, based on
what you wrote.. I couldn`t find anything of your
reply to say yes to..
Removing dns_nameservers from squid.conf, so it is
like default.
When I set windows to get IP automatically, and DNS
manually..
If I set DNS to 192.168.0.1 Then wireshark shows DNS
working normally..
comp to 192.168.0.1
192.168.0.1 to comp
I can browse (without squid).
And squid works too (I can browse with squid)
If I set comp DNS to 10.0.0.138, then Wireshark shows
DNS working funny, like I described in my post.
I can browse.
and squid does not work
(hence the dns_nameserver workaround)
Remember.. When I got DNS automatically, I got
10.0.0.138 Same thing as setting it manually to
10.0.0.138. same behaviour.
Looking at wireshark, the reason is probably that
windows can handle the funny DNS involving 2 ips even
when it is only given one ip as DNS server. Whereas
squid cannot handle that. Hence the dns_nameserver
workaround worked when specifying both DNS ips.
More specifically Squid takes the secure route only accepts a DNS
response from the same server it asked. Windows takes the convenient
route and accepts a DNS response from anyone.
What I think Amos was saying is that your NAT router should either
answer DNS queries from the same IP that receives the query, or it
should give the proper address for "option domain-name-servers" in
DHCP. Accepting DNS queries on one IP and replying on another is
weird. I wonder if the HTTP connection to 10.0.0.38 does the same
thing. Would that even work with a TCP stream?
note- had to close and start squid (not IE) after any
change in windows DNS settings, for DNS change to take
effect.
Chris
