Re: [squid-users] superfluous DNS queries

Fri, 11 Jun 2004 14:50:27 -0700 

> I set up SQUID to forward all HTTP traffic through a parent proxy
> (bound to internet) except when URL matches certain suffix domains (intranet).
> Upon receiving internet URL like www.thepurists.com, SQUID however
> queries DNS servers for www.squid-cache.org, www.squid-cache.org.sub.my.org, ...

What is your dns_testnames settings in the Squid.
Did you test the samples in the starting of squid or after some requests.

> Indeed, i dont know anyone who who type in a browser:
> http://www.squid-cache.org. instead of http://www.squid-cache.org
> So i believe it would be nice if SQUID processed URL having at least one dot
> as if there were fully-qualified.
>
> # cat squid.conf (excerpt)
> acl DIRECT dstdomain "/usr/local/squid/etc/acl/direct.dstdom"
> # cat /usr/local/squid/etc/acl/direct.dstdom
> my.org
> intranet.my

The problem may be here. For dstdomain acl ,you have to include (.) "dot" before the 
domains as like

# cat /usr/local/squid/etc/acl/direct.dstdom
my.org
intranet.my


> cache_peer outproxy.my.org parent 8080 0 no-query proxy-only
> always_direct allow DIRECT
> never_direct allow all
> dns_nameservers 10.1.1.1 10.5.1.1
> visible_hostname intraproxy.sub.my.org

>
> # tcpdump -vs0 dst port 53
> local.29297 > 10.1.1.1.domain:  [udp sum ok] 62439+ A? www.squid-cache.org. 
> [|domain] (DF) (ttl 255, id 43955, len 64)
> 10.1.1.1.domain > local.29297:  [udp sum ok] 62439 NXDomain* 0/1/0 (99) (ttl 29, id 
> 8065, len 127)
>
> local.29298 > 10.1.1.1.domain:  [udp sum ok] 62440+ A? 
> www.squid-cache.org.sub.my.org. [|domain] (DF) (ttl 255, id 43956, len 76)
> 10.0.1.1.domain > local.29298:  [udp sum ok] 62440 NXDomain* 0/1/0 (108) (ttl 29, id 
> 8070, len 136)

Requests are suffixed with the first proxy domain's in the visible hostname of 
.sub.my.org

>
> local.29299 > 10.0.1.1.domain:  [udp sum ok] 62441+ A? wwww.squid-cache.org.my.org. 
> [|domain] (DF) (ttl 255, id 43957, len 71)
> 10.0.1.1.domain > local.29299:  [udp sum ok] 62441 NXDomain* 0/1/0 (103) (ttl 29, id 
> 8074, len 131)

Now the requests are suffixed with the outer proxy's domains in the visible hostname.

Check the proxy with the modified acl settings,dns_testnames.

Regards,
Muthukumar.




---
===============  It is a "Virus Free Mail" ===============
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004

Reply via email to