Hi all, "I discovered" that if I use more than one *local* dns server/resolver, when I use squid HTTPS, there are some problems accesing to the web. For example: I have a squid with TLS support in server "B"; the gateway and resolver of the server "B" is server "A" and the server "A" has bind installed and multiple or at least one (local) dns forwarders. (djbdns) In this scenario squid; takes a long time to load some sites like Dropbox, Twitter, (if it load succesfull, other times does not load in anyway). If I remove the forwarders (local always, never publics one like 8.8.8.8) in server "A", the problem disappears. In this scenario, the dns forwarders in server "A" is not being directly used by the clients nor squid (they are forwarders for bind in server "A"), e.g. browsing by server "B" (squid) an resolving domains via server "A" with forwarders. So, the question: How can I use multiple DNS caching resolvers/server (local or remote) like bind/djbdns without the issue mentioned above? Is mandatory for squid to use only 1 dns/caching nameserver? From: https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery >ensure that the DNS servers Squid uses are the same as those used by the client(s). >Certain popular CDN hosting networks use load balancing systems to determine which website IPs to return in the DNS query response. These are based on the querying DNS resolvers IP. If Squid >and the client are using different resolvers there is an increased chance of different results being given. Which can lead to this alert Thank You in advance! _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
