sorry for late response,
>>>
>> Does i need to configure each browser to pass request to squid? Can it
>> be done by the iptables at the server side. i want it transparent to
>> the user.
>
> You can use WPAD methods to setup the browsers in bulk with little or no
> user knowledge. They only need to set the browser to the "auto-detect"
> setting if it's not already defaulting to that.
>
> If you want to get really tricky you can start intercepting DNS going to
> servers outside your networks and pointing them at a recursive resolver
> under your own control. The success of this depends on whether the client
> software is doing DNSSEC or other security measures on their DNS replies.
>
i have a local resolver in my main server. how can intercept DNS going
outside and point it to a recursive server under my control?
>>>>
>>>> will do a dns lookup at the startup. squid will not start if it fails
>>>> dns lookup. i have tried to disable the internal dns lookup and still
>>>> problem exists. is there any way to solve this?
>>>
>>> Disabling the internal DNS resolver only switches to using an old slower
>>> external resolver process.
>>>
>>> Squid requires DNS when it has to process a squid.conf entry from a name
>>> to
>>> an IP. Such as names in src/dst ACLs. Using IP addresses there will help
>>> avoiding DNS on startup.
>>
>> i'm using ip for my acl setup. for example : acl lan src
>> 129.34.4.0/32; is there other place i need to use IP adress to avoid
>> DNS on startup? or how can i avoiding DNS on startup?
>
> Only the -D that I can recall...
>
>>>
>>> Older Squid needed the -D command line option to prevent tests of the
>>> configured nameservers. And visible_hostname to prevent looking up its
>>> hostname rDNS.
>>> Newer Squid have dropped the -D and related tests, and their
>>> visible_hostname will failover to "localhost" instead of stopping.
>>>
thanks,
Received on Fri Oct 15 2010 - 15:57:15 MDT
This archive was generated by hypermail 2.2.0 : Sat Oct 16 2010 - 12:00:02 MDT