On 27/08/20 1:43 pm, Jonas Steinberg wrote:
>
> I have no use case. My cloud provider has written a software-defined
> “appliance” meant to integrate with firewalls and routers. I was
> complaining that I had no way to integrate it with my DNS filtering
> workflows (Squid). They told me “Hey, if it’ll support GENEVE then you
> can make it work.” So I simply came here to ask.
>
> I mean…if anyone has any ideas of how I can get something to work
> without buying anything expensive I’d certainly be grateful!
>

Hmm. It depends a bit on what this appliance is for and what you want it doing.

I'm not sure what Squid has to do with your DNS filtering workflows TBH. Squid is typically just a client for DNS like any other software. It does not manage or control DNS.

(warning: making some big assumptions here, so this may be way off what you need).

If you mean Squid managing that new DNS-over-HTTP stuff Browsers are trying to have happen. Whatever message filtering you have in the HTTP layer should work no differently with or without any extra appliance existing in the network.

If you mean Squid ACLs to apply policy to HTTP traffic to/from the appliance ...

If the appliance is assigned IPs from your LAN or a DMZ range your Squid ACLs that check IP range can match it in the broad sense. Like the localnet ACL just checks for existence of a client on LAN vs Internet.

If you need an ACL to identify/match a specific appliance with dynamically assigned IP you can use its hostname instead of IP. Squid finds the IP as-needed via rDNS or mDNS depending on the .local TLD existence in the FQDN.

NP: This has variable reliability. When the appliance IP changes the DNS TTL determines how fast Squid can know about the change.

HTH
Amos
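
The two ACL approaches described in the reply above, written out as a squid.conf fragment. This is an added example, not part of the original thread; the address ranges, host names and the update-domain policy are constructed placeholders.

```conf
# Added example. All addresses and names below are constructed placeholders.

# Broad match: the appliance holds an address from the LAN or a DMZ range.
acl localnet src 192.168.0.0/16
acl dmz      src 10.20.0.0/24

# Specific match by name for an appliance with a dynamically assigned IP.
# srcdomain makes Squid reverse-resolve the client IP and compare the
# resulting name, so the match is only as trustworthy and as fresh as
# the PTR record and its TTL.
acl appliance srcdomain appliance.example.internal

# HTTP traffic going to the appliance, matched on the requested host name.
acl to_appliance dstdomain appliance.example.internal

# Hypothetical policy: the appliance may only fetch from one update domain.
acl appliance_updates dstdomain .updates.example.com

# http_access rules are evaluated top to bottom and the first match wins,
# so the appliance-specific rules must come before the broad localnet/dmz
# allows, otherwise the appliance is admitted as an ordinary LAN client.
http_access allow appliance appliance_updates
http_access deny  appliance
http_access allow localnet
http_access allow dmz
http_access deny  all
```

If the reverse lookup fails or returns a stale name, the `appliance` ACL does not match and the request falls through to the broader `localnet`/`dmz` rules, which is the variable reliability the reply mentions.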