[squid-users] GENEVE?

Amos Jeffries squid3 at treenet.co.nz
Thu Aug 27 10:14:35 UTC 2020


On 27/08/20 1:43 pm, Jonas Steinberg wrote:
> 
> I have no use case.  My cloud provider has written a software-defined
> “appliance” meant to integrate with firewalls and routers.  I was
> complaining that I had no way to integrate it with my DNS filtering
> workflows (Squid).  They told me “Hey, if it’ll support GENEVE then you
> can make it work.”  So I simply came here to ask.
> 
> I mean…if anyone has any ideas of how I can get something to work
> without buying anything expensive I’d certainly be grateful!
> 

Hmm. It depends a bit on what this appliance is for and what you want it
doing.

I'm not sure what Squid has to do with your DNS filtering workflows TBH.
Squid is typically just a client for DNS like any other software. It
does not manage or control DNS.


(warning: making some big assumptions here, so this may be way off what
you need).


If you mean Squid managing that new DNS-over-HTTP stuff browsers are
trying to have happen, whatever message filtering you have in the HTTP
layer should work no differently with or without any extra appliance
existing in the network.

If you mean Squid ACLs to apply policy to HTTP traffic to/from the
appliance ...

If the appliance is assigned IPs from your LAN or a DMZ range, your Squid
ACLs that check IP range can match it in the broad sense, like the
localnet ACL just checks for existence of a client on LAN vs Internet.

If you need an ACL to identify/match a specific appliance with a
dynamically assigned IP, you can use its hostname instead of IP. Squid
finds the IP as needed via rDNS or mDNS depending on the .local TLD
existence in the FQDN.
 NP: This has variable reliability. When the appliance IP changes the
DNS TTL determines how fast Squid can know about the change.


HTH
Amos
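
Added example, not part of the message above and not the Squid project's own configuration: a squid.conf fragment showing the two matching approaches the reply describes, an IP-range `src` ACL and a hostname match, assuming Squid's `srcdomain` ACL type (reverse lookup of the client IP) is the hostname match meant. Every address, hostname and ACL name other than `localnet` is a constructed placeholder.

```conf
# --- Broad match: by address range -----------------------------------
# LAN clients (constructed range).
acl localnet src 192.168.0.0/16
# Hypothetical DMZ range the cloud appliance draws its addresses from.
acl dmz_appliances src 10.20.30.0/24

# --- Specific match: by hostname -------------------------------------
# srcdomain is a "slow" ACL: Squid does a reverse (PTR) lookup on the
# client IP and compares the resulting name. The answer is cached for
# the DNS TTL, so after the appliance changes IP the match can be stale
# until that TTL expires. Hypothetical FQDN.
acl appliance_host srcdomain appliance01.dmz.example.net

# Hypothetical destination the appliance is expected to reach.
acl appliance_updates dstdomain .updates.example.com

# --- Policy: first matching http_access line wins --------------------
# The named appliance may reach only its update domain.
http_access allow appliance_host appliance_updates
http_access deny appliance_host
# Anything else in the DMZ range gets no proxy access.
http_access deny dmz_appliances
# Ordinary LAN clients are allowed; everything else is refused.
http_access allow localnet
http_access deny all
```

Because the hostname match depends on the PTR record and its TTL, keep the range-based `deny dmz_appliances` line as the fallback so a stale or missing reverse record fails closed.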

