Hello,
Am 24.9.2013 14:31, schrieb Eliezer Croitoru:
Hey there,
you can try to define a dst domain regex that will verify the
destination domain.
I am trying to understand how can you use a proxy and no DNS??
Because our proxy hands all http requests to external (=internet) sites
over to the parent proxy (for doing that, dns is not necessary), direct
access is only possible for internal hosts (this needs dns, this works
fine).
... what a reconf to the service does? is it affecting anything at
all?
What kind of reconfigure do you mean?
you do have dstdomain acls which can be the source for some of the
trouble but it's not 100% until tested more.
As far as I understand, dstdomain acls causes dns requests only in case
of a given IP address (making a PTR request to find out the
corresponding domainname)
can you describe the network environment in more details?
(myNet + internal servers + myProxy) -> (Firewall + parentProxy) ->
internet
... The fastest way to deny DNS queries is to lower the way they are
being
handled.
I don't want to deny the DNS queries, I think they are not necessary
and I am wondering why squid make these queries.
Kind Regards
Thomas
