[squid-users] ACL based DNS server list

Grant Taylor gtaylor at tnetconsulting.net
Wed Nov 2 14:52:21 UTC 2022


On 11/2/22 4:03 AM, David Touzeau wrote:
> It should be a good feature request that the Squid DNS client supports eDNS.
> eDNS can be used to send the source client IP address received by Squid 
> to a remote DNS.

Does Squid even have its own DNS "" / lookup mechanism?

I naively assumed that Squid simply used the system's name resolution 
capabilities, be that DNS, /etc/hosts, or even NIS(+).

As such, I would be shocked if there is any plumbing to pass additional 
information; e.g. downstream proxy client, to influence how the name 
resolution happens.

Maybe I'm wrong.  Hopefully I'll learn something from how others respond.

> In this case the DNS will be able to change its behavior depending on 
> the source IP address.

I take that to mean that DNS will change its behavior based on the 
EDNS0 Client Subnet information.  Because DNS will still see Squid as 
the client of the DNS query.

Aside:  There's a chance that the -- as I understand it -- suggested /24 
aggregation of E.C.S. will not be granular enough to provide the OP's 
desired result.

N.B. the E.C.S. interactions that I've had have used /24 or larger 
subnets to protect client identity.



-- 
Grant. . . .
unix || die
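
The /24 aggregation point discussed in this message, shown as an added example that is not part of the original post or of Squid: a sketch that encodes and decodes an EDNS0 Client Subnet option using the RFC 7871 wire layout. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8          # EDNS0 Client Subnet option code (RFC 7871)
FAMILY_BYTES = {1: 4, 2: 16}  # address family number -> full address size


def build_ecs_option(client_ip: str, prefix_len: int = 24) -> bytes:
    """Encode an ECS option for a query, truncating the client address."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    family = 1 if addr.version == 4 else 2
    # Zero every bit past the source prefix; only the prefix leaves the resolver.
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    nbytes = (prefix_len + 7) // 8
    addr_bytes = net.network_address.packed[:nbytes]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), ADDRESS
    payload = struct.pack("!HBB", family, prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option: bytes) -> str:
    """Return the subnet an authoritative server would see, as 'addr/len'."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, src_len, _scope = struct.unpack("!HBB", option[4:8])
    if family not in FAMILY_BYTES:
        raise ValueError("unknown address family")
    raw = option[8:]
    if len(raw) != (src_len + 7) // 8:
        raise ValueError("address length does not match prefix length")
    padded = raw + bytes(FAMILY_BYTES[family] - len(raw))
    return f"{ipaddress.ip_address(padded)}/{src_len}"


if __name__ == "__main__":
    # Two constructed proxy clients in the same /24 produce identical options,
    # so the DNS server cannot apply different behavior to each of them.
    for ip in ("192.0.2.17", "192.0.2.200"):
        opt = build_ecs_option(ip)
        print(ip, opt.hex(), parse_ecs_option(opt))
```
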
