[squid-users] Squid and DNS

Julian Perconti vh1988 at yahoo.com.ar
Thu Sep 6 05:40:25 UTC 2018


Hi all,

"I discovered" that if I use more than one *local* DNS server/resolver, when
I use Squid HTTPS, there are some problems accessing the web.

For example:

I have a Squid with TLS support on server "B"; the gateway and resolver of
server "B" is server "A", and server "A" has bind installed and
multiple or at least one (local) DNS forwarders (djbdns).

In this scenario Squid takes a long time to load some sites like Dropbox and
Twitter (if they load successfully; other times they do not load at all).

If I remove the forwarders (always local, never public ones like 8.8.8.8) on
server "A", the problem disappears.

In this scenario, the DNS forwarders on server "A" are not being directly
used by the clients nor Squid (they are forwarders for bind on server "A"),
e.g. browsing via server "B" (Squid) and resolving domains via server "A" with
forwarders.

So, the question: How can I use multiple DNS caching resolvers/servers (local
or remote) like bind/djbdns without the issue mentioned above?

Is it mandatory for Squid to use only 1 DNS/caching nameserver?

From: https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery

> ensure that the DNS servers Squid uses are the same as those used by the
> client(s).
> Certain popular CDN hosting networks use load balancing systems to
> determine which website IPs to return in the DNS query response. These are
> based on the querying DNS resolvers IP. If Squid and the client are using
> different resolvers there is an increased chance of different results being
> given. Which can lead to this alert


Thank You in advance!
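
Added example, not part of the original post and not Squid's own code: a simplified model of the resolver mismatch the quoted wiki text describes, comparing the addresses a client's resolver returned with the ones Squid's resolver returned for the same names. The host names, addresses and function names are constructed for illustration (documentation ranges from RFC 5737).

```python
from ipaddress import ip_address

# Constructed sample data: A records two different resolvers returned for the
# same names. A CDN may answer each resolver with a different set of edges.
CLIENT_RESOLVER = {
    "cdn.example.com": ["192.0.2.10", "192.0.2.11"],
    "static.example.net": ["198.51.100.5"],
    "www.example.org": ["203.0.113.7", "203.0.113.8"],
}
SQUID_RESOLVER = {
    "cdn.example.com": ["192.0.2.50", "192.0.2.51"],    # different CDN edge
    "static.example.net": ["198.51.100.5"],             # identical answer
    "www.example.org": ["203.0.113.8", "203.0.113.9"],  # partial overlap
}

def _addrs(view, name):
    """Normalise a resolver's answer for one name into a set of addresses."""
    return {ip_address(a) for a in view.get(name, [])}

def host_matches(dst_ip, squid_answers):
    """Assumed model of the check: is the address the client connected to
    among the addresses the proxy's resolver returned for the Host name?"""
    return ip_address(dst_ip) in {ip_address(a) for a in squid_answers}

def classify(name, client_view, squid_view):
    """Rate how likely a client connection for `name` is to mismatch."""
    client, squid = _addrs(client_view, name), _addrs(squid_view, name)
    if not client or not squid:
        return "unresolved"
    if client <= squid:
        return "consistent"   # every client destination is known to the proxy
    if client & squid:
        return "partial"      # some client destinations will not match
    return "divergent"        # no client destination will match

def report(client_view, squid_view):
    """Classify every name the client side resolved."""
    return {n: classify(n, client_view, squid_view) for n in sorted(client_view)}

if __name__ == "__main__":
    for name, verdict in report(CLIENT_RESOLVER, SQUID_RESOLVER).items():
        print(f"{name:20} {verdict}")
```

Names reported as "partial" or "divergent" are the ones where the two resolver paths disagree, which is the condition the wiki text says to avoid by pointing Squid and the clients at the same DNS servers.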


