Sorry for the late response,

>> Do I need to configure each browser to pass requests to squid? Can it
>> be done by iptables at the server side? I want it transparent to
>> the user.
>
> You can use WPAD methods to setup the browsers in bulk with little or no
> user knowledge. They only need to set the browser to the "auto-detect"
> setting if it's not already defaulting to that.
>
> If you want to get really tricky you can start intercepting DNS going to
> servers outside your networks and pointing them at a recursive resolver
> under your own control. The success of this depends on whether the client
> software is doing DNSSEC or other security measures on their DNS replies.
>

I have a local resolver on my main server. How can I intercept DNS going outside and point it to a recursive server under my control?

>>>> will do a dns lookup at the startup. squid will not start if it fails
>>>> dns lookup. I have tried to disable the internal dns lookup and still
>>>> problem exists. Is there any way to solve this?
>>>
>>> Disabling the internal DNS resolver only switches to using an old slower
>>> external resolver process.
>>>
>>> Squid requires DNS when it has to process a squid.conf entry from a name
>>> to an IP. Such as names in src/dst ACLs. Using IP addresses there will help
>>> avoid DNS on startup.
>>
>> I'm using IP for my acl setup. For example: acl lan src
>> 129.34.4.0/32; is there any other place I need to use an IP address to avoid
>> DNS on startup? Or how can I avoid DNS on startup?
>
> Only the -D that I can recall...
>
>>> Older Squid needed the -D command line option to prevent tests of the
>>> configured nameservers. And visible_hostname to prevent looking up its
>>> hostname rDNS.
>>> Newer Squid have dropped the -D and related tests, and their
>>> visible_hostname will failover to "localhost" instead of stopping.
>>>

thanks,
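
A proxy auto-config script of the kind WPAD hands to browsers as `wpad.dat`, added here as an illustration and not taken from the thread; the Squid address `129.34.4.1:3128` and the /24 LAN mask are assumptions. It decides on host-name shape and literal IP only, so the script itself triggers no DNS lookups in the browser.

```javascript
// wpad.dat / proxy.pac -- constructed example, not from the thread.
// Assumptions: Squid listens on 129.34.4.1:3128 (hypothetical address;
// 3128 is Squid's default port) and the LAN is 129.34.4.0/24.
var PROXY = "PROXY 129.34.4.1:3128";
var LAN_NET = "129.34.4.0";
var LAN_BITS = 24;

// Convert a dotted-quad string to an unsigned 32-bit number, or null
// when the host is not a literal IPv4 address.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is a literal IPv4 address inside net/bits.
function inCidr(host, net, bits) {
  var ip = ipv4ToInt(host), base = ipv4ToInt(net);
  if (ip === null || base === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ip / size) === Math.floor(base / size);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names and loopback stay direct. IPv6 literals contain
  // ':' and no '.', so they are excluded from this shortcut.
  var singleLabel = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  if (singleLabel || host === "127.0.0.1") return "DIRECT";
  // Literal LAN addresses stay direct; no DNS lookup is made here.
  if (inCidr(host, LAN_NET, LAN_BITS)) return "DIRECT";
  // Everything else goes through Squid. There is no DIRECT fallback, so
  // a proxy outage does not silently bypass Squid's access controls.
  return PROXY;
}
```
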