GIGO . wrote:
Dear Amos,

This problem is resolved by disabling following pieces of lines in my
setup...

#Define Local Servers # acl localServers dst 10.0.0.0/8 # Local
server should never be forwarded to neighbour/peers and they should
never be cached. #always_direct allow localservers #cache deny
LocalServers

By disabling these directives no dns server is required at all as
Cache_peer ISA is doing the trick now and ISA servers DNS
settings(whatever) are being utilized instead right?


Yes.

ok what was happending when these lines were not commented was that
squid was trying to use the above acl in every request i have not a
very confident picture. wasn't it should be able to resolve the dns
throgh the settings in my etc/resovl.conf easily?? Or in reality it
was trying to use the DNS configuration on the ISA server which has
externel dns servers configured and therefore have no idea of the
local network? what is the behaviour? Please guide me.


Your Squid was trying to use whatever DNS servers are configured for it
(dns_nameservers or /etc/resolv.conf) to complete that ACL.

Then passing on to ISA, where ISA would use its own DNS servers to do
whatever it has to produce a reply.

This _should_ not be a huge problem, but apparently one of the Squid configured servers is broken or unable to resolve the domains in good enough time.



However i just wonder wt good these lines for? when users in you
local net are bound to go to local servers by configure there
browsers for "No proxy/bypass for local network web servers settings"

Your understanding seems correct. They only matter when all user traffic goes through the Squid.
 * The browser can be configured to not use the proxy for local domains.
 * a PAC file can be written to identify local domains and do the same.
* or Squid can have this type of rule to catch them (though dstdomain ACL would be better to remove the DNS lookup)

. Is there a way to go to even local servers through proxy as i have
developed an understandign that for local servers you have to bypass
the squid proxy??

No. Squid only needs to know how to get to the server wherever it is, local or remote makes no difference. Perhapse some small speed change between going direct and going through Squid. Nothing more than that.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1

Reply via email to