On 13/12/20 10:44 pm, sampei02 wrote:
Thanks for your suggestions. 1. In this way I should move the problem to another level, that is, the DHCP server. 2. My DHCP server already updates the local DNS, that is Active Directory, but Squid cannot point to this local Microsoft DNS because it’s using an external DNS. I have two DNS servers: Microsoft DNS (AD) to resolve intranet addresses and Linux DNS (public network) to resolve Internet addresses. Squid uses the latter DNS.
Your recursive resolver (the Linux DNS) should be configured to forward queries about the local networks' IP range(s) used by DHCP to the Microsoft DNS resolver.
Squid should make its queries to the Linux one and get the necessary information back about the clients.
When a client requests a URL from Squid, is there a way to capture the “client name” and check whether it matches an ACL? Does a trusted application exist that can be integrated into Squid to do this?
That depends on what type of name you are looking for and what protocols are available. Humans like to apply names to things and each protocol has its own version of one, so the situation gets complicated and messy.
As mentioned already if you can avoid having things depend on "machine name" it will help simplify the situation a lot.
Squid should be able to identify the IP ranges that are used by internal clients vs others. It can make simple denials based on the IP range.
As a last resort, there is no need to make the policy decision directly in squid.conf. You can have an external ACL helper that gets passed some details from Squid and tells Squid what to do. That helper could be given the URL and client IP - do a lookup in *both* DNS resolvers and pass back to Squid whether it is to be allowed (OK) or not (ERR).
Amos
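The external ACL helper suggested in the reply above could look like the following. This is an added example, not code from the thread or from the Squid project. The resolver addresses, host names, policy table, helper path and the ACL name `client_name` are constructed placeholders, and the PTR lookup assumes the third-party dnspython package is installed.

```python
#!/usr/bin/env python3
# Added example: external ACL helper for Squid (not code from the thread).
# Assumed squid.conf wiring (ACL name and helper path are hypothetical):
#   external_acl_type client_name ttl=60 %SRC %URI /usr/local/bin/client_name_acl.py
#   acl by_name external client_name
#   http_access allow by_name
import sys
from urllib.parse import urlsplit

# Constructed sample values: both resolvers and the name-to-destination policy.
RESOLVERS = ["192.0.2.53", "198.51.100.53"]   # AD DNS, Linux DNS (placeholders)
POLICY = {"pc-lab1.corp.example": ["*"],               # may go anywhere
          "kiosk1.corp.example": ["intranet.example"]}  # one site only

def ptr_lookup(server, ip):
    """Reverse-resolve ip at one resolver; needs dnspython (imported lazily)."""
    import dns.exception
    import dns.resolver
    r = dns.resolver.Resolver(configure=False)
    r.nameservers, r.lifetime = [server], 2.0
    try:
        return str(r.resolve_address(ip)[0].target)
    except dns.exception.DNSException:
        return None                      # NXDOMAIN, timeout, no answer

def decide(ip, url, lookups, policy=POLICY):
    """Return 'OK' or 'ERR'. lookups: callables mapping ip -> name or None."""
    try:  # CONNECT requests arrive as "host:port", so add "//" when needed
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:
        return "ERR"
    host = host.lower()
    for lookup in lookups:               # ask every resolver in turn
        name = (lookup(ip) or "").rstrip(".").lower()
        for suffix in policy.get(name, []):
            if suffix == "*" or host == suffix or host.endswith("." + suffix):
                return "OK"
    return "ERR"   # fail closed: unknown client name or unlisted destination

def main():
    lookups = [lambda ip, s=s: ptr_lookup(s, ip) for s in RESOLVERS]
    for line in sys.stdin:               # one request per line: "<ip> <url>"
        parts = line.split()
        ok = len(parts) == 2
        print(decide(parts[0], parts[1], lookups) if ok else "ERR", flush=True)

if __name__ == "__main__":
    main()
```

The reverse (PTR) name is only as trustworthy as whoever controls the reverse zone for the client range, so the policy should list names from zones you administer.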