[squid-users] Force DNS queries over TCP?
Yuri Voinov
yvoinov at gmail.com
Fri Jul 1 15:36:55 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
cisco is just one of them.
Let me explain to you why the conversation turned for Cisco. Squid (as
by as another proxies) is used most frequently as a server for the user
group. Each of them can set their own DNS settings. That may be
completely different from Squid or infrastructure settings. In this
case, the infrastructure will be broadcast DNS queries from clients to
the outside world. Without the full intercept port tcp/udp/53 on the
infrastructure and the implementation of transparent DNS proxy is not
possible to completely eliminate the situation where proxies and clients
will perform DNS queries to different DNS servers. Make it with a chip
pure software method, often very difficult. If we talk about personal
proxy - then yes, you can do anything you want, just software.
So, lets differentiate. We are talking about shared proxy - in
infrastructure with active network equipement, or about personal proxy
on own PC with full administrative control and with completely another
goals.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXdo4XAAoJENNXIZxhPexG/rcH/0zdp/Y5VsJ5YZZ6dilmQyjk
xQu6QdOQYB8FCMD9ljZrPjsOiK0VsvuIM3Z/l5Zy770HfO30hhk2r3gkuhh9nWsr
NDSFIJJdVicdaQzI98fXbDnTK0A2OCggZePA/OvkYgkDUdAwtWcCzQcSxxfmkm9Q
HoXVctYdTp8SX3VtzqxhJVhi30oBSmV4nsv/H/JxYAoAXP5J2DchU1pJsyqtXY2S
3rdDePOGzKmokcECfG3o2pyFA5I9zqbEO2xW5z1UzZs4swbfIzI/Pn98G+/PwljW
WzekQ3dRo8WCLFSS4x5tcDPyFTsJAgeUPyGP55Tt5SMq84womVURQgqXnHwCM1s=
=dCde
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160701/e8c2dac6/attachment.key>
More information about the squid-users
mailing list