[squid-users] Squid and DNS
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Sep 6 07:22:43 UTC 2018
On 06.09.18 02:40, Julian Perconti wrote:
>"I discovered" that if I use more than one *local* dns server/resolver, when
>I use squid HTTPS, there are some problems accesing to the web.
>I have a squid with TLS support in server "B"; the gateway and resolver of
>the server "B" is server "A" and the server "A" has bind installed and
>multiple or at least one (local) dns forwarders. (djbdns)
>If I remove the forwarders (local always, never publics one like 8.8.8.8) in
>server "A", the problem disappears.
>In this scenario, the dns forwarders in server "A" is not being directly
>used by the clients nor squid (they are forwarders for bind in server "A"),
>e.g. browsing by server "B" (squid) an resolving domains via server "A" with
>forwarders.
what do you mean forwarders? You need to send query to a DNS server that
makes the resolution.
It's OK when you have squid configured on server "B" and DNS on server "A"
and squid uses server "A" for resolution.
However, your repeated usage of word "forwarders" indicates there is
something broken in the configuration on server "A".
>So, the question: How can I use multiple DNS caching resolvers/server (local
>or remote) like bind/djbdns without the issue mentioned above?
do not use djbdns. ever.
simply configure bind on server "A", allow it to provide recursion for
server "B" and that's all. Forget forwarders.
>Is mandatory for squid to use only 1 dns/caching nameserver?
usually, people have multiple DNS servers configured to fail over in case
one of them fails.
in some cases, client can balance the load, or prefer server with faster
responses.
There should be no problem of this kind, unless one of your DNS servers is
broken.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
More information about the squid-users
mailing list