> I set up SQUID to forward all HTTP traffic through a parent proxy
> (bound to internet) except when URL matches certain suffix domains (intranet).
> Upon receiving internet URL like www.thepurists.com, SQUID however
> queries DNS servers for www.squid-cache.org, www.squid-cache.org.sub.my.org, ...
What is your dns_testnames settings in the Squid.
Did you test the samples in the starting of squid or after some requests.
> Indeed, i dont know anyone who who type in a browser:
> http://www.squid-cache.org. instead of http://www.squid-cache.org
> So i believe it would be nice if SQUID processed URL having at least one dot
> as if there were fully-qualified.
>
> # cat squid.conf (excerpt)
> acl DIRECT dstdomain "/usr/local/squid/etc/acl/direct.dstdom"
> # cat /usr/local/squid/etc/acl/direct.dstdom
> my.org
> intranet.my
The problem may be here. For dstdomain acl ,you have to include (.) "dot" before the domains as like
# cat /usr/local/squid/etc/acl/direct.dstdom
my.org
intranet.my
> cache_peer outproxy.my.org parent 8080 0 no-query proxy-only
> always_direct allow DIRECT
> never_direct allow all
> dns_nameservers 10.1.1.1 10.5.1.1
> visible_hostname intraproxy.sub.my.org
>
> # tcpdump -vs0 dst port 53
> local.29297 > 10.1.1.1.domain: [udp sum ok] 62439+ A? www.squid-cache.org. [|domain] (DF) (ttl 255, id 43955, len 64)
> 10.1.1.1.domain > local.29297: [udp sum ok] 62439 NXDomain* 0/1/0 (99) (ttl 29, id 8065, len 127)
>
> local.29298 > 10.1.1.1.domain: [udp sum ok] 62440+ A? www.squid-cache.org.sub.my.org. [|domain] (DF) (ttl 255, id 43956, len 76)
> 10.0.1.1.domain > local.29298: [udp sum ok] 62440 NXDomain* 0/1/0 (108) (ttl 29, id 8070, len 136)
Requests are suffixed with the first proxy domain's in the visible hostname of .sub.my.org
>
> local.29299 > 10.0.1.1.domain: [udp sum ok] 62441+ A? wwww.squid-cache.org.my.org. [|domain] (DF) (ttl 255, id 43957, len 71)
> 10.0.1.1.domain > local.29299: [udp sum ok] 62441 NXDomain* 0/1/0 (103) (ttl 29, id 8074, len 131)
Now the requests are suffixed with the outer proxy's domains in the visible hostname.
Check the proxy with the modified acl settings,dns_testnames.
Regards,
Muthukumar.
--- =============== It is a "Virus Free Mail" =============== Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004Received on Fri Jun 11 2004 - 15:46:59 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT