On 06.09.18 02:40, Julian Perconti wrote:
"I discovered" that if I use more than one *local* DNS server/resolver, when I use squid HTTPS, there are some problems accessing the web.
I have a squid with TLS support in server "B"; the gateway and resolver of the server "B" is server "A" and the server "A" has bind installed and multiple or at least one (local) dns forwarders. (djbdns)
If I remove the forwarders (local always, never public ones like 8.8.8.8) in server "A", the problem disappears.
In this scenario, the DNS forwarders in server "A" are not being directly used by the clients nor squid (they are forwarders for bind in server "A"), e.g. browsing by server "B" (squid) and resolving domains via server "A" with forwarders.
What do you mean by forwarders? You need to send the query to a DNS server that makes the resolution. It's OK when you have squid configured on server "B" and DNS on server "A" and squid uses server "A" for resolution. However, your repeated usage of the word "forwarders" indicates there is something broken in the configuration on server "A".
So, the question: How can I use multiple DNS caching resolvers/server (local or remote) like bind/djbdns without the issue mentioned above?
Do not use djbdns. Ever. Simply configure bind on server "A", allow it to provide recursion for server "B" and that's all. Forget forwarders.
Is it mandatory for squid to use only 1 DNS/caching nameserver?
Usually, people have multiple DNS servers configured to fail over in case one of them fails. In some cases, the client can balance the load, or prefer the server with faster responses. There should be no problem of this kind, unless one of your DNS servers is broken.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller