On Wed, 20 Oct 2010 09:11:43 +0800, mohd hafiz <bmhafiz@xxxxxxxxx> wrote:
>>
>> When a browser is configured to use a proxy it *never* performs DNS for
>> traffic sent there. The proxy does it all instead. When a browser is not
>> aware of the proxy (NAT interception) it performs its own DNS which gets
>> discarded again as the packets enter the proxy.
>
> Oh, I see. Squid will do the DNS lookup for the browser.
>>
>> DNS inside Squid follows required specifications. Yes it caches DNS, for
>> the times required by individual IPs and domains. If you don't understand
>> any of it *don't touch*. Preventing caching of these will result in your
>> users spending very large amounts of time waiting for pages to arrive.
>
> Is it possible to set Squid to always ask for new DNS? I mean that the
> DNS in Squid becomes old/stale and Squid
> performs a new DNS lookup for fresh DNS when a new request comes from
> the browser. In my mind, I think that I can play with the TTL?

It's automatic. Every lookup the DNS server sends a TTL for the reply it
gave. The Squid default is to cap TTL at 6 hours. You can adjust that with
positive_dns_ttl. DNS best-practice is to use 24 hours max for long-lived
zones.

NP: Depending on how secure the resolver(s) are they may throttle down and
stop responding if you don't obey the TTL and request too often.

Amos
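
An added illustration, not part of the original message and a simplified model rather than Squid's own code, of the behaviour described in the reply: each answer is cached for the TTL the DNS server returned, capped at a maximum, and a new upstream lookup happens only once that lifetime has passed. The class and function names and the zone data are constructed for the example; the 6-hour cap stands in for `positive_dns_ttl`.

```python
import time

TTL_CAP = 6 * 3600  # seconds; stands in for the 6-hour positive_dns_ttl default


class CappedDnsCache:
    """Toy cache: honour the record TTL, but never keep an answer past the cap."""

    def __init__(self, resolver, ttl_cap=TTL_CAP, clock=time.monotonic):
        self.resolver = resolver   # callable: name -> (addresses, ttl_seconds)
        self.ttl_cap = ttl_cap
        self.clock = clock
        self.entries = {}          # name -> (addresses, expires_at)
        self.upstream_queries = 0

    def lookup(self, name):
        now = self.clock()
        cached = self.entries.get(name)
        if cached and now < cached[1]:
            return cached[0]       # still fresh: answered from cache
        addresses, ttl = self.resolver(name)
        self.upstream_queries += 1
        lifetime = min(ttl, self.ttl_cap)
        self.entries[name] = (list(addresses), now + lifetime)
        return self.entries[name][0]


def demo():
    # Constructed zone data: one short-lived record, one with a 24-hour TTL.
    zone = {"short.example": (["192.0.2.10"], 300),
            "long.example": (["192.0.2.20"], 86400)}
    now = [0]
    cache = CappedDnsCache(lambda n: zone[n], clock=lambda: now[0])
    log = []
    steps = [(0, "short.example"), (0, "long.example"),
             (299, "short.example"), (300, "short.example"),
             (21599, "long.example"), (21600, "long.example")]
    for t, name in steps:
        now[0] = t
        if t == 299:               # the zone owner re-points the short record
            zone["short.example"] = (["192.0.2.11"], 300)
        before = cache.upstream_queries
        addrs = cache.lookup(name)
        log.append((t, name, addrs[0], cache.upstream_queries > before))
    return log


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The short record is served from cache until its own 300-second TTL runs out, then re-resolved and the new address picked up; the 24-hour record is re-resolved after 6 hours because of the cap.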