[squid-users] Server Failure: The name server was unable to process this query.
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 23 20:42:08 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/10/2014 6:41 a.m., Natxo Asenjo wrote:
> On Thu, Oct 23, 2014 at 3:10 PM, Yassin CHOUCHANE wrote:
>> root [~] > nslookup cafeServer Server: 192.168.1.3
>> Address: 192.168.1.3#53
>>
>> Name: cafeServer.sonsofanarchy.fr Address: 192.168.1.50
>>
>>
>> but when i lunch it on my webrowser i have the message Server
>> Failure: The name server was unable to process this query.
>
> we solved this on the clients disabling local addresses . In
> firefox you add <local> to your exception list, in IE you check the
> box for local addresses.
>
For the record that is not a "address" it is a name in particular it
is a firstname.
The problem is that your browser contacted the proxy and said the
equivalent of "Deliver this to Bob" instead of "Deliver this to Bob
who can be found at example.com". How many "Bob" are there on the
Internet?
FYI: There are a set of requirements that are mandatory for all
Internet connected machinery. One of them is using FQDN when
referencing other machinery if it can in any way be confused with a
public name. Bare hostname like that do encounter problems such as you
just did, and also problems accessing domains like http://com/ - which
is/was a real public-Internet fully qualified domain name for Verisign.
What you should be doing for best compatibility is using the domain
".local" for internal communications. The current releases of Squid
also support mDNS:
http://www.squid-cache.org/Doc/config/dns_multicast_local/
You can still enable the ** 1970 - 1990 ** era networking behaviour
with this configuration option:
http://www.squid-cache.org/Doc/config/dns_defnames/
And configuring the "search" or "domain" options in /etc/resolv.conf.
Note that it will make Squid assume that any requested name with
insufficient '.' in the name resolves locally. This has potential to
allow external access to internal client machines unless you are
careful to restrict with ACLswhere traffic can come from and go to.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUSWgfAAoJELJo5wb/XPRjXJ4H/296zuBcvvI3zQmF+fWI7/DI
slNFrkH1cAWFJgBTSmG9vcEWlyX/MSSHphETnPFuU6VMbJF6wjTRoasMhvu9D/Kh
h44iFcWFQxgg4Mux/bdR2/hiVz7a1GipcxH3NRahNHZN2G0cD/6NLmY9hJZ+kKwd
Pp25ev0iHIxMk2XohK5StbaOckS004xQ6cgxwbUHcW8IUlta3AZZjEPy3Ra2zHG6
6hWySx/cqO2E2wUjcnd/p0jdthzdTbPhkc0c7TdZBB0KfyYAfv/k5qdbfcP0GhHm
CpDzofVgPAd3q4GISZ3G71nM8Gx6a4i1hSyIiZ2pY/87rJIJMLiqIzeezYQEuK4=
=Trvm
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list