[squid-users] Two dns record fqdn pointing to different squid servers

Antony Stone Antony.Stone at squid.open.source.it
Wed Feb 1 19:41:34 UTC 2017 

On Wednesday 01 February 2017 at 20:06:22, erdosain9 wrote:

> Hi.
> I have running two squid servers.
> One with ip access and another with users.

Sorry, what do you mean by "IP access"?

I assume both Squid servers have IP addresses.

Do you mean that only one of them has connectivity to the Internet?

What do you mean by "the other one has users"?

Is it doing some sort of authentication, or do you simply mean that this is 
the one the users have connectivity to, so that your network arrangement is:

users -> Squid box 1 -> Squid box 2 -> router -> Internet

...and that the users cannot connect to Squid box 2, and Squid box 1 cannot 
connect to the Internet.

Is that a reasonable description of your setup?

> (the machine users are configure with "proxy.blabla.lan" (the squid with ip
> access)

I don't think I uderstand that bit.

> I want to know if it is possible do balance between them.

Please define "balance"?

> The problem, for me it is that the "server with ip access" it is refer with
> a A dns record that point to his ip (proxy.blabla.lan)... and the "squid
> with user access", the dns it is pointing with fqdn (squid.blabla.lan)....

Okay, so the two machines have DNS A records for different hostnames.

> So, i cant do a multiple A record, pointing to the two ip, because, one of
> the squid servers wait a fqdn answer...

Why can't you do a multiple A record?

There's nothing wrong with:

proxy.blabla.lan	A	192.168.38.56

squid.blabla.lan	A	192.168.38.73

example.blabla.lan	A	192.168.38.56
				A	192.168.38.73

So that example.blabla.lan points to both IP addresses.

> I tried to do  CNAME but, its not working... (i tried to do
> "proxy.blabla.com pointing to squid.blabla.com at the same time that the ip
> of the "ip access squid server")

No, you are not allowed to have a CNAME in DNS as well as any other record (A, 
MX, NS, etc).  If something is a CNAME, it cannot also be anything else.

> (hope this understood, i dont speak english)

I think you're doing okay, but please clarify the things requested above :)

Also, please simply tell us: what are you trying to achieve?  It's often the 
case that someone is trying to solve a problem, thinks of a possible solution, 
and asks on a mailing list such as this for help in implementing the 
solutions, when there is actually a far better / simpler solution to the 
problem available.  However, because the problem itself was not stated, nobody 
can propose the better / simpler solution, and everyone just works towards 
making the poorer solution work somehow or other...


Regards,


Antony.


-- 
People who use Microsoft software should be certified.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list