On 30/10/2013 8:28 p.m., Dr.x wrote:
hi amos ,
is there a method that let squid force its dns reply and ignore the client
dns reply ???
=====================================
i mean if client x got 1.1.1.1
and squid got 2.2.2.2
i want client to go to 2.2.2.2 not to 1.1.1.1
=============================
Which one is the real server?
How do you know the client was wrong about where *they* were contacting?
* some clients base connections on details other than DNS A and AAAA
records.
* some services present special IP address contacts only to registered
clients (ie Google DNS). This may be Squid OR the client.
The only case where it turns out to actually be safe is when the DNS
lookup for Squid and client match. You can set client_dst_passthru
directive to 'off' for those cases.
Amos
