> I set up SQUID to forward all HTTP traffic through a parent proxy > (bound to internet) except when URL matches certain suffix domains (intranet). > Upon receiving internet URL like www.thepurists.com, SQUID however > queries DNS servers for www.squid-cache.org, www.squid-cache.org.sub.my.org, ...
What is your dns_testnames settings in the Squid. Did you test the samples in the starting of squid or after some requests. > Indeed, i dont know anyone who who type in a browser: > http://www.squid-cache.org. instead of http://www.squid-cache.org > So i believe it would be nice if SQUID processed URL having at least one dot > as if there were fully-qualified. > > # cat squid.conf (excerpt) > acl DIRECT dstdomain "/usr/local/squid/etc/acl/direct.dstdom" > # cat /usr/local/squid/etc/acl/direct.dstdom > my.org > intranet.my The problem may be here. For dstdomain acl ,you have to include (.) "dot" before the domains as like # cat /usr/local/squid/etc/acl/direct.dstdom my.org intranet.my > cache_peer outproxy.my.org parent 8080 0 no-query proxy-only > always_direct allow DIRECT > never_direct allow all > dns_nameservers 10.1.1.1 10.5.1.1 > visible_hostname intraproxy.sub.my.org > > # tcpdump -vs0 dst port 53 > local.29297 > 10.1.1.1.domain: [udp sum ok] 62439+ A? www.squid-cache.org. > [|domain] (DF) (ttl 255, id 43955, len 64) > 10.1.1.1.domain > local.29297: [udp sum ok] 62439 NXDomain* 0/1/0 (99) (ttl 29, id > 8065, len 127) > > local.29298 > 10.1.1.1.domain: [udp sum ok] 62440+ A? > www.squid-cache.org.sub.my.org. [|domain] (DF) (ttl 255, id 43956, len 76) > 10.0.1.1.domain > local.29298: [udp sum ok] 62440 NXDomain* 0/1/0 (108) (ttl 29, id > 8070, len 136) Requests are suffixed with the first proxy domain's in the visible hostname of .sub.my.org > > local.29299 > 10.0.1.1.domain: [udp sum ok] 62441+ A? wwww.squid-cache.org.my.org. > [|domain] (DF) (ttl 255, id 43957, len 71) > 10.0.1.1.domain > local.29299: [udp sum ok] 62441 NXDomain* 0/1/0 (103) (ttl 29, id > 8074, len 131) Now the requests are suffixed with the outer proxy's domains in the visible hostname. Check the proxy with the modified acl settings,dns_testnames. Regards, Muthukumar. --- =============== It is a "Virus Free Mail" =============== Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004