[squid-users] TProxy and client_dst_passthru

Stakres vdoctor at neuf.fr
Thu Jul 2 11:05:31 UTC 2015


Hi Amos,

216.58.220.36 != www.google.com ??? 
Have a look: http://www.ip-adress.com/whois/216.58.220.36, this is google.

Depending the DNS server used, the IP can change, we know that especialy due
to BGP.

In the case the client is an ISP providing internet to smaller ISPs with
different DNS with their end users, here I understand that due to the
ORIGINAL_DST squid will check the headers and if the dns records do not
match so squid will not cache, even with a storeid engine, because too many
different DNS servers in the loop (users -> small ISP -> big ISP -> squid ->
internet), am I right ?

So, the result is a very poor 9% saving where we could expect around 50%
saving. 

Can you plan, for a next build, a workaround to accept the original dns
record from the headers and check dns if and only if the headers do not
contain any dns record ?
I understand Squid should provide some securities but here we should have
the possibility to ON/OFF these securities.
Or do we need to downgrade to Squid 2.7/3.0 ?

ISPs need to cache a lot, security is not their main issue.

Thanks in advance.
Fred




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TProxy-and-client-dst-passthru-tp4670189p4672020.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list