On Wed, 20 Oct 2010 09:11:43 +0800, mohd hafiz <bmhafiz_at_gmail.com> wrote:
>>
>> When a browser is configured to use a proxy it *never* performs DNS for
>> traffic sent there. The proxy does it all instead. When a browser is not
>> aware of the proxy (NAT interception) it performs its own DNS which gets
>> discarded again as the packets enter the proxy.
>
> Oh, I see. Squid will do the DNS lookup for the browser.
>>
>> DNS inside Squid follows required specifications. Yes it caches DNS, for
>> the times required by individual IPs and domains. If you don't understand
>> any of it *don't touch*. Preventing caching of these will result in your
>> users spending very large amounts of time waiting for pages to arrive.
>
> Is it possible to set Squid to always ask for new DNS? I mean that the
> DNS in Squid becomes old/stale and Squid
> performs a new DNS lookup for fresh DNS when a new request comes from the
> browser. In my mind, I think that I can play with the TTL?

It's automatic. On every lookup the DNS server sends a TTL for the reply it
gave. The Squid default is to cap TTL at 6 hours. You can adjust that with
positive_dns_ttl. DNS best-practice is to use 24 hours max for long-lived
zones.

NP: Depending on how secure the resolver(s) are, they may throttle down and
stop responding if you don't obey the TTL and request too often.

Amos
Received on Wed Oct 20 2010 - 02:27:36 MDT
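
A small model of the TTL capping described in the reply above, added here as an illustration; it is not Squid's code and not part of the original thread. The cache class, the upstream function and the two records (names, addresses, TTLs) are constructed for the example, and only the upper cap that positive_dns_ttl represents is modelled.

```python
# Model of a positive DNS cache that caps each record's TTL, then counts how
# many upstream queries one day of proxy traffic generates for a given cap.
# Illustrative only: this is not how Squid is implemented internally.

SIX_HOURS = 6 * 3600
ONE_DAY = 24 * 3600


def constructed_upstream(name):
    """Stand-in resolver: returns (address, record TTL in seconds)."""
    zones = {
        "www.example.com": ("192.0.2.10", 86400),   # long-lived zone
        "cdn.example.net": ("198.51.100.7", 300),   # short TTL set by owner
    }
    return zones[name]


class CappedDnsCache:
    def __init__(self, ttl_cap, upstream):
        self.ttl_cap = ttl_cap          # plays the role of positive_dns_ttl
        self.upstream = upstream
        self.entries = {}               # name -> (address, expires_at)
        self.upstream_queries = 0

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]               # still fresh, no upstream traffic
        address, record_ttl = self.upstream(name)
        self.upstream_queries += 1
        # The record's own TTL is honoured, but never beyond the cap.
        lifetime = min(record_ttl, self.ttl_cap)
        self.entries[name] = (address, now + lifetime)
        return address


def queries_for_cap(ttl_cap, duration=ONE_DAY, step=60):
    """One client request per name every `step` seconds for `duration`."""
    cache = CappedDnsCache(ttl_cap, constructed_upstream)
    for now in range(0, duration, step):
        for name in ("www.example.com", "cdn.example.net"):
            cache.resolve(name, now)
    return cache.upstream_queries


if __name__ == "__main__":
    for label, cap in (("6 hours", SIX_HOURS), ("24 hours", ONE_DAY), ("0", 0)):
        print(f"cap {label}: {queries_for_cap(cap)} upstream queries per day")
```

With the cap at 0 every client request becomes a resolver query, which is the request pattern the reply warns may get throttled.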