[squid-users] ACL based DNS server list

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Nov 2 19:33:07 UTC 2022


>On 11/2/22 4:03 AM, David Touzeau wrote:
>>It should be a good feature request that the Squid DNS client supports eDNS.
>>eDNS can be used to send the source client IP address received by 
>>Squid to a remote DNS.

On 02.11.22 08:52, Grant Taylor wrote:
>Does Squid even have its own DNS "" / lookup mechanism?

yes.

>I naively assumed that Squid simply used the system's name resolution 
>capabilities, be that DNS, /etc/hosts, or even NIS(+).

afaik these functions don't work asynchronously, which would be a problem for 
squid.

up to 3.4 squid supported external DNS children. 


>>In this case the DNS will be able to change its behavior depending 
>>on the source IP address.
>
>I take that to mean that DNS will change its behavior based on the 
>EDNS0 Client Subnet information.  Because DNS will still see Squid as 
>the client of the DNS query.

Since it's always squid who accesses destination servers, providing the client 
subnet option by squid is useless here and only squid's IP matters.


>Aside:  There's a chance that the -- as I understand it -- suggested 
>/24 aggregation of E.C.S. will not be granular enough to provide the 
>OP's desired result.
>
>N.B. the E.C.S. interactions that I've had have used /24 or larger 
>subnets to protect client identity.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Save the whales. Collect the whole set.
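
The /24 aggregation point raised in the thread can be seen in the EDNS Client Subnet option bytes themselves (RFC 7871 layout). This is an added example, not part of the original message and not Squid code; the function names are hypothetical and the addresses are constructed from the 192.0.2.0/24 documentation range.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

def build_ecs_option(client_ip: str, prefix_len: int) -> bytes:
    """Encode the ECS option a resolver client would place in the OPT RR."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    family = 1 if addr.version == 4 else 2
    # Host bits beyond the source prefix must be zero on the wire.
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    # Only as many address bytes as the prefix needs are sent.
    address = net.network_address.packed[:(prefix_len + 7) // 8]
    # SCOPE PREFIX-LENGTH is always 0 in a query.
    body = struct.pack("!HBB", family, prefix_len, 0) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(option: bytes):
    """Return (network, scope_len) as the receiving DNS server would see it."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_len, scope_len = struct.unpack("!HBB", option[4:8])
    if family == 1:
        net_cls, size = ipaddress.IPv4Network, 4
    elif family == 2:
        net_cls, size = ipaddress.IPv6Network, 16
    else:
        raise ValueError("unknown address family")
    if len(option) - 8 != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix")
    padded = option[8:].ljust(size, b"\x00")  # restore the truncated bytes
    return net_cls((padded, source_len)), scope_len

def distinguishable(ip_a: str, ip_b: str, prefix_len: int) -> bool:
    """True if the DNS server could tell the two clients apart from ECS alone."""
    return build_ecs_option(ip_a, prefix_len) != build_ecs_option(ip_b, prefix_len)

if __name__ == "__main__":
    # Constructed sample clients behind the same proxy, same /24.
    a, b = "192.0.2.10", "192.0.2.200"
    print(build_ecs_option(a, 24).hex(), parse_ecs_option(build_ecs_option(a, 24)))
    for plen in (24, 25, 32):
        print(f"/{plen}: distinguishable={distinguishable(a, b, plen)}")
```
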

