[squid-users] Proxy does not send response for internal host
tappdint
akash.kumar.patel at appdirect.com
Mon Nov 13 22:21:15 UTC 2017
I'm quite new to proxies/networking so I'll try and be as verbose as I can. I
have a VM that will request access to an internal host (dev.abc.com). This
host container and other containers which are dependencies are created
locally on my mac (using docker for mac). So I also run a docker squid
container (datadog/squid) on my mac to allow that VM to use the same
network/access same hosts. From inside my VM when I use the proxy to curl
sites like Google/Facebook/Yahoo i get proper responses. But when I curl
this host I get an ERR_DNS_FAIL result.
<div id="content">
<p>The following error was encountered while trying to retrieve the URL:
http://dev.abc.com/ <http://dev.abc.com/> </p>
<blockquote id="error">
<p>*Unable to determine IP address from host name <q>dev.abc.com</q>*</p>
</blockquote>
<p>The DNS server returned:</p>
<blockquote id="data">
<pre>Name Error: The domain name does not exist.</pre>
</blockquote>
<p>This means that the cache was not able to resolve the hostname presented
in the URL. Check if the address is correct.</p>
<p>Your cache administrator is webmaster
<mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_DNS_FAIL&body=CacheHost%3A%20538a0f427a73%0D%0AErrPage%3A%20ERR_DNS_FAIL%0D%0AErr%3A%20%5Bnone%5D%0D%0ADNS%20ErrMsg%3A%20Name%20Error%3A%20The%20domain%20name%20does%20not%20exist.%0D%0ATimeStamp%3A%20Tue,%2007%20Nov%202017%2022%3A18%3A35%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.99.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20curl%2F7.43.0%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AHost%3A%x.yz.com%0D%0A%0D%0A%0D%0A>
.</p>
<br>
</div>
<hr>
<div id="footer">
<p>Generated Tue, 07 Nov 2017 22:18:35 GMT by 538a0f427a73
(squid/3.5.12)</p>
</div>
I've searched online for posts with similar errors but I'm still confused. I
*think* that the issue lies in my squid config but I'm not sure what exactly
I need to modify/add. I basically took the huge config file provided by the
image and removed all the unnecessary comments/options. The site said that
/Please note that the stock configuration available with the container is
set for local access
/. So thats currently what my config does. Here is what is looks like:
---------------------------------------------------
# Adapt to list your (internal) IP networks from where browsing should be
allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
debug_options rotate=1 ALL,2
---------------------------------------------------
What modifications/config options should i be looking into so that my
internal host resolves? Thanks!
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list