edreyfus.ext@xxxxxxxxxxxxxxxxxx wrote:
> Hi!
>
> I'm using squid as a reverse proxy and I'm trying to disable the DNS
> lookup system (dhclient). I tried the compilation option
> --disable-internal-dns but it activates an external lookup program. I
> start squid with the -D option, which disables the initial DNS tests but
> leaves the dnsserver connected.
>
> I don't use domain names at all and it would be great if I could close
> port number 68. Is it possible to do so without using iptables?
>
> Thank you

Firstly, Squid does not use dhclient or port 68.

The closest Squid comes is calling certain system calls to identify the
local hostname when visible_hostname has not been configured. This data
is usually pulled from the /etc/hosts file by the OS.

Any DNS queries Squid is doing will be due to your configuration
requiring Squid to make them.

* Check that your reverse-proxy configuration matches the wiki config
  exemplar.
* Uses cache_peer by IP address.
* Uses only dstdomain or other text-matching ACL for routing the
  requests around. Avoid dst or srcdomain which require DNS.

Go back to using the internal DNS resolver. It does not do DNS unless
DNS is needed.

Keep using the -D option. It's obsolete in the latest Squid, and the
tests it prevents are not generally needed in older Squid either.

Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
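
The checklist in the reply above can be run mechanically against a squid.conf. The following is an added example, not part of the original thread and not Squid project code: a small Python audit that flags cache_peer entries given by hostname, ACLs of type dst or srcdomain, and a missing visible_hostname. The sample configuration, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample squid.conf for a reverse proxy (not from the thread).
SAMPLE_CONF = """\
http_port 80 accel defaultsite=www.example.com
cache_peer backend.example.com parent 80 0 no-query originserver name=app
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=static
acl our_sites dstdomain www.example.com
acl backend_net dst 192.0.2.0/24
acl office srcdomain .example.com
cache_peer_access app allow our_sites
"""

# The two ACL types the reply names as requiring DNS.
DNS_ACL_TYPES = {"dst", "srcdomain"}


def is_ip(value):
    """True if value is a literal IPv4/IPv6 address (brackets allowed)."""
    try:
        ipaddress.ip_address(value.strip("[]"))
        return True
    except ValueError:
        return False


def audit(conf_text):
    """Return (line_number, message) findings; line 0 means file-wide."""
    findings = []
    has_visible_hostname = False
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        directive = fields[0]
        if directive == "visible_hostname" and len(fields) > 1:
            has_visible_hostname = True
        elif directive == "cache_peer" and len(fields) > 1 and not is_ip(fields[1]):
            findings.append((number, f"cache_peer '{fields[1]}' is a hostname, not an IP"))
        elif directive == "acl" and len(fields) > 2 and fields[2] in DNS_ACL_TYPES:
            findings.append((number, f"acl '{fields[1]}' has type {fields[2]}, which needs DNS"))
    if not has_visible_hostname:
        findings.append((0, "visible_hostname not set; Squid asks the OS for the hostname"))
    return findings


if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONF):
        print(f"line {number}: {message}")
```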