J. Webster wrote:
Is there any problem with using opendns server as the dns_nameserver in squid?
Yes. OpenDNS is known under some setups to send a positive domain name
result where it should be returning NXDOMAIN.
This royally screws over any networks where there are more than one
local domain scope.
For one basic example;
if your resolv.conf contains the command "search .local .example.com"
and Squid gets told that 123.local is one of the OpenDNS "smart" search
pages. It will fail 100% of the time to redirect you to the real
123.example.com website.
The examples and failure cases get really complicated when the mixture
of modern DNS RR types are added in, but the end result is identical to
that of the simple case above.
There have been a number of people who think their IPv6 access is
completely broken (even when realy completely working) simply because
IPv6-only websites always redirect to an OpenDNS search pages when the
browser chooses to test IPv4 first.
Is it slower than using the local hosts namersevrers?
Yes. But no more so than any external DNS server.
I have an issue with dns timeouts for 1 or 2 websites and am having to restart the dns cache (nscd) every 6 hours to flush it.
I thought adding the nameservers to the squid.conf would bypass this issue.
Feel free to give it a try. But watch closely to see if you hit any of
the known problems. There are some using it happily.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
Current Beta Squid 3.1.0.16
