Not just the Squid machine but *all* the clients going through your Squid also have to be using the same DNS resolver for that workaround. Any of them using other resolvers (eg 8.8.8.8 or similar services) *will* hit these errors.
And this is my dns config in squid.config :
# --------- DNS AND IP CACHES [4341]
dns_nameservers 127.0.0.1
dns_v4_first on
#original_dst off
client_dst_passthru off
The above setting is rejecting clients when the host verify fails.
TO let traffic through the proxy when host-verify fails set it back to the default "client_dst_passthru on".
The Host verify failure is most dangerous when cached - so that is always prohibited. But upstream routing is difficult for Squid to determine - thus that config option. It is left up to you whether you risk your clients getting infected by that mechanism - Squid just minimizes the damage and risk by limiting it to the one client making the suspicious request.
Thanks alot for your suggestion, i thought that i made some mistake in my DNS. I will try to find out and show you the result.
-- SĐT : 01234454115
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
