Pass client DNS requests

Pass client DNS requests

Patrick Flaherty

Hi,

 

Again I’m fairly new to Squid but loving it. We enforce only certain domains be accessible via the whitelist directive. Is there a way to pass DNS requests through the proxy for resolution? We are currently using Windows host entries. :(

 

I added the following but Squid came back in a network trace with “Destination Unreachable”.

acl Safe_ports port 53                   

http_access allow Safe_ports               

 

Thank You,

Patrick


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Pass client DNS requests

babajaga
This post has NOT been accepted by the mailing list yet.
Squid is an http(s) proxy. DNS requests are a completely different story.
>We enforce only certain domains be accessible via the whitelist directive.<
So you only have to define an ACL to match the allowed domains (list of allowed domains stored in a file), to forward the http(s) requests/connects. Deny all other access, possibly with customized error page.

No need to mess around with DNS then. Or special hosts-file.

Re: Pass client DNS requests

Matus UHLAR - fantomas
In reply to this post by Patrick Flaherty
On 10.11.15 17:03, Patrick Flaherty wrote:
>Again I'm fairly new to Squid but loving it. We enforce only certain domains
>be accessible via the whitelist directive. Is there a way to pass DNS
>requests through the proxy for resolution? We are currently using Windows
>host entries. :(

No. Squid is an HTTP proxy. It's not a DNS proxy.
Use a DNS server or DNS proxy for that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95

Re: Pass client DNS requests

Amos Jeffries
Administrator
On 12/11/2015 3:52 a.m., Matus UHLAR - fantomas wrote:

> On 10.11.15 17:03, Patrick Flaherty wrote:
>> Again I'm fairly new to Squid but loving it. We enforce only certain
>> domains
>> be accessible via the whitelist directive. Is there a way to pass DNS
>> requests through the proxy for resolution? We are currently using Windows
>> host entries. :(
>
> no. Squid is a HTTP proxy. it's not a DNS proxy.
> use DNS server or DNS proxy for that.
>

DNS proxy also goes by the name "recursive resolver", which you might be
more familiar with.

The best design is to have a recursive resolver set up somewhere on your
network and have it used by both your clients and Squid.

Amos


Re: Pass client DNS requests

Yuri Voinov

My 5 cents:

http://unbound.net/

11.11.15 22:07, Amos Jeffries wrote:
> On 12/11/2015 3:52 a.m., Matus UHLAR - fantomas wrote:
>> On 10.11.15 17:03, Patrick Flaherty wrote:
>>> Again I'm fairly new to Squid but loving it. We enforce only certain
>>> domains
>>> be accessible via the whitelist directive. Is there a way to pass DNS
>>> requests through the proxy for resolution? We are currently using
>>> Windows
>>> host entries. :(
>>
>> no. Squid is a HTTP proxy. it's not a DNS proxy.
>> use DNS server or DNS proxy for that.
>>
>
> DNS proxy also goes by the name "recursive resolver", which you might be
> more familiar with.
>
> The best design is to have a recursive resolver setup somewhere on your
> network and have it used by both your clients and Squid.
>
> Amos

Re: Pass client DNS requests

talikarni
In reply to this post by Matus UHLAR - fantomas
On 11/11/2015 8:52 AM, Matus UHLAR - fantomas wrote:

> On 10.11.15 17:03, Patrick Flaherty wrote:
>> Again I'm fairly new to Squid but loving it. We enforce only certain
>> domains
>> be accessible via the whitelist directive. Is there a way to pass DNS
>> requests through the proxy for resolution? We are currently using
>> Windows
>> host entries. :(
>
> no. Squid is a HTTP proxy. it's not a DNS proxy.
> use DNS server or DNS proxy for that.
>
Squid cannot, but you can use an external DNS server, either at the same
location or elsewhere.
You can set up another server (or two) with your own DNS (we use PowerDNS
or pDNS), and then add the entry in squid.conf to use that DNS server.
We have several set up this way.

The squid.conf entry would be like this:

dns_nameservers 11.22.33.44 11.22.33.45

Then on the DNS server just create entries for rerouted or blocked
sites. I would suggest looking at the powerdns groups and mailing list
for more details on this.

Mike
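
Added example, not part of any post in this thread: a squid.conf fragment that combines the domain ACL babajaga describes with the dns_nameservers entry from Mike's post, and shows why the port 53 rules from the original post do not help. The ACL names, file path, localnet range and error template name are assumptions.

```conf
# Added example, not taken from the thread. ACL names, file paths, the
# localnet range and the error template name are assumptions.

# The rules from the original post do not relay DNS. Safe_ports only lists
# destination ports that HTTP requests may target, and "allow Safe_ports"
# would admit any request to those ports regardless of domain:
#   acl Safe_ports port 53
#   http_access allow Safe_ports

# Resolver Squid uses for its own lookups (addresses as in Mike's post).
# Clients of an explicitly configured proxy send the hostname to Squid,
# so Squid's resolver is the one that matters for proxied traffic.
dns_nameservers 11.22.33.44 11.22.33.45

acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT

# Allowlist file: one domain per line; a leading dot (.example.com)
# also matches subdomains.
acl allowed_sites dstdomain "/etc/squid/allowed_domains.txt"

# Optional custom error page for requests that miss the allowlist.
# ERR_NOT_ALLOWED is a placeholder template name.
deny_info ERR_NOT_ALLOWED allowed_sites

# http_access rules are evaluated top down; the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !allowed_sites
http_access allow localnet
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the configuration is reloaded.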
