I talked to a developer who uses dnsmasq, and it seems to have an option to add resolved IP addresses into a Linux ipset set.
So it is possible to dynamically add IP addresses of domains out of the proxy interception.
Ideally an ICAP service will be able to see the request and redirect the client using some 30X code to a request that will not be considered a loop.
And by the time the client is being "redirected" (maybe a couple of times), the client traffic will not be intercepted at all, leaving the OS and the CPU to spend the right amount of resources.
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]
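A sketch of the dnsmasq/ipset bypass described in the message above, added here as an example and not taken from the original post. It only renders the configuration lines, so nothing is applied to the running system. The set name `proxy_bypass`, the 3600-second timeout, and the assumption that interception is done by a REDIRECT rule in the nat PREROUTING chain are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): render the dnsmasq and
# firewall lines that keep selected domains out of proxy interception.
# Assumptions: the set name below is hypothetical, and interception is a
# REDIRECT rule in nat/PREROUTING that the bypass rule must precede.
SET_NAME=proxy_bypass

# Accept only plain LDH hostnames. A '/' or whitespace in an entry would
# change how dnsmasq parses the ipset= line, so such entries are rejected.
valid_domain() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# stdin: one domain per line ('#' comments and blank lines allowed)
# stdout: dnsmasq "ipset=/<domain>/<set>" lines; rejects go to stderr
render_dnsmasq() {
  while IFS= read -r d; do
    case $d in ''|\#*) continue ;; esac
    if valid_domain "$d"; then
      printf 'ipset=/%s/%s\n' "$d" "$SET_NAME"
    else
      printf 'skipped invalid entry: %s\n' "$d" >&2
    fi
  done
}

# stdout: commands that create the set and exempt its members from the
# nat table, so their traffic never reaches the interception rule.
render_firewall() {
  # The timeout lets stale addresses age out; dnsmasq re-adds an address
  # each time the name is resolved again.
  printf 'ipset create %s hash:ip timeout 3600 -exist\n' "$SET_NAME"
  printf 'iptables -t nat -I PREROUTING -p tcp -m set --match-set %s dst -j ACCEPT\n' \
    "$SET_NAME"
}
```

Feed `render_dnsmasq` a reviewed domain list and place its output in the dnsmasq configuration; clients must resolve through that dnsmasq instance for the set to be populated.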