Proxy does not send response for internal host

tappdint
I'm quite new to proxies/networking so I'll try and be as verbose as I can. I
have a VM that will request access to an internal host (dev.abc.com). This
host container and other containers which are dependencies are created
locally on my mac (using docker for mac). So I also run a docker squid
container (datadog/squid) on my mac to allow that VM to use the same
network/access same hosts. From inside my VM when I use the proxy to curl
sites like Google/Facebook/Yahoo I get proper responses. But when I curl
this host I get an ERR_DNS_FAIL result.

<div id="content">
<p>The following error was encountered while trying to retrieve the URL:
http://dev.abc.com/</p>

<blockquote id="error">
<p>*Unable to determine IP address from host name <q>dev.abc.com</q>*</p>
</blockquote>

<p>The DNS server returned:</p>
<blockquote id="data">
<pre>Name Error: The domain name does not exist.</pre>
</blockquote>

<p>This means that the cache was not able to resolve the hostname presented
in the URL. Check if the address is correct.</p>

<p>Your cache administrator is webmaster.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Tue, 07 Nov 2017 22:18:35 GMT by 538a0f427a73
(squid/3.5.12)</p>

</div>

I've searched online for posts with similar errors but I'm still confused. I
*think* that the issue lies in my squid config but I'm not sure what exactly
I need to modify/add. I basically took the huge config file provided by the
image and removed all the unnecessary comments/options. The site said that
"Please note that the stock configuration available with the container is
set for local access". So that's currently what my config does. Here is what
it looks like:

---------------------------------------------------
# Adapt to list your (internal) IP networks from where browsing should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

http_access deny to_localhost

http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
http_port 3128

debug_options rotate=1 ALL,2
---------------------------------------------------

What modifications/config options should I be looking into so that my
internal host resolves? Thanks!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Proxy does not send response for internal host

Amos Jeffries
Administrator
On 14/11/17 11:21, tappdint wrote:

> I'm quite new to proxies/networking so I'll try and be as verbose as I can. I
> have a VM that will request access to an internal host (dev.abc.com). This
> host container and other containers which are dependencies are created
> locally on my mac (using docker for mac). So I also run a docker squid
> container (datadog/squid) on my mac to allow that VM to use the same
> network/access same hosts. From inside my VM when I use the proxy to curl
> sites like Google/Facebook/Yahoo I get proper responses. But when I curl
> this host I get an ERR_DNS_FAIL result.
>
> <div id="content">
> <p>The following error was encountered while trying to retrieve the URL:
> http://dev.abc.com/</p>
>
> <blockquote id="error">
> <p>*Unable to determine IP address from host name <q>dev.abc.com</q>*</p>
> </blockquote>
>
> <p>The DNS server returned:</p>
> <blockquote id="data">
> <pre>Name Error: The domain name does not exist.</pre>
> </blockquote>
>
> <p>This means that the cache was not able to resolve the hostname presented
> in the URL. Check if the address is correct.</p>
>

There should be nothing mysterious here. The above error message text is
literal and as clear about the problem as can be. If you do not understand
it, please look up the terms it uses.

"the cache" here is a less common term meaning your Squid. The others
are all common networking names for the pieces and things happening.


>
> I've searched online for posts with similar errors but I'm still confused. I
> *think* that the issue lies in my squid config but I'm not sure what exactly
> I need to modify/add. I basically took the huge config file provided by the
> image and removed all the unnecessary comments/options. The site said that
> "Please note that the stock configuration available with the container is
> set for local access". So that's currently what my config does. Here is what
> it looks like:
>
... <snip default Squid-3 config documentation file>


>
> What modifications/config options should I be looking into so that my
> internal host resolves? Thanks!
>

You need to either:

  * configure the VM running Squid to use a DNS resolver that knows what
    the internal domains are, or

  * configure the DNS resolver it is using to know those internal
    hostnames, or

  * configure your network using the standardized .local namespace
    intended for local hostnames and all the VMs to use m-DNS.

Amos

Re: Proxy does not send response for internal host

tappdint
Amos Jeffries wrote

> You need to either:
>
>   * configure the VM running Squid to use a DNS resolver that knows what
> the internal domains are, or
>
>   * configure the DNS resolver it is using to know those internal
> hostnames, or
>
>   * configure your network using the standardized .local namespace
> intended for local hostnames and all the VMs to use m-DNS.

Just wanted to clarify/confirm. My squid and host app containers are running
locally on my mac (no VM) and the application that requests said host is the
one running in the VM. Are the 3 options you provided still valid?

For the first option I was thinking of figuring out what DNS Resolvers my
Mac uses to resolve hosts and add those to my squid.conf using the
*dns_nameservers* config (along with the existing ones already in Squid's
resolv.conf). Would that be the correct approach?





Re: Proxy does not send response for internal host

Amos Jeffries
Administrator
On 15/11/17 04:19, tappdint wrote:

> Amos Jeffries wrote
>> You need to either:
>>
>>    * configure the VM running Squid to use a DNS resolver that knows what
>> the internal domains are, or
>>
>>    * configure the DNS resolver it is using to know those internal
>> hostnames, or
>>
>>    * configure your network using the standardized .local namespace
>> intended for local hostnames and all the VMs to use m-DNS.
>
> Just wanted to clarify/confirm. My squid and host app containers are running
> locally on my mac (no VM) and the application that requests said host is the
> one running in the VM. Are the 3 options you provided still valid?

Yes. Though there may be complications depending on whether the
containers have their own DNS server settings or use the host's.


>
> For the first option I was thinking of figuring out what DNS Resolvers my
> Mac uses to resolve hosts and add those to my squid.conf using the
> *dns_nameservers* config (along with the existing ones already in Squid's
> resolv.conf). Would that be the correct approach?
>

Squid should be loading the /etc/hosts and /etc/resolv.conf settings by
default. You only need the dns_nameservers if you want to override the
machine's normal ones.

Amos

Re: Proxy does not send response for internal host

tappdint
I was able to get the proxy to work properly with the original settings I
posted. The issue was with the docker network. There were multiple networks
and the squid container ran on a separate network rather than the network
where all the containers were operating. To fix the issue I simply ran squid
with an extra flag (--network) and everything seems to be working fine now.
Thanks!




Re: Proxy does not send response for internal host

Amos Jeffries
Administrator
On 17/11/17 03:57, tappdint wrote:
> I was able to get the proxy to work properly with the original settings I
> posted. The issue was with the docker network. There were multiple networks
> and the squid container ran on a separate network rather than the network
> where all the containers were operating. To fix the issue I simply ran squid
> with an extra flag (--network) and everything seems to be working fine now.
> Thanks!
>

Cool. Sounds like you have a very interesting use-case there.

Would you be able to write up the design and configuration settings for
a page in our wiki?

eg. <https://wiki.squid-cache.org/ConfigExample/ContainerNetworks>


Amos
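
The cause reported in this thread (the Squid container sitting on a different Docker network from the application containers, fixed by starting it with --network) can be checked with the script below. It is an added example, not part of any poster's message and not Squid or Docker project code; the two container names are placeholders passed on the command line, and it assumes the application containers are reached by name over a Docker network they share.

```shell
#!/bin/sh
# Added example. Usage: sh check-proxy-net.sh <proxy-container> <app-container>
# Both container names are placeholders supplied by the caller.

# Print the Docker networks a container is attached to, one per line.
networks_of() {
    out=$(docker inspect -f \
        '{{range $name, $cfg := .NetworkSettings.Networks}}{{println $name}}{{end}}' \
        "$1") || return 2
    printf '%s\n' "$out" | sed '/^$/d' | sort
}

# Print the networks two containers have in common (nothing if none).
shared_networks() {
    a=$(networks_of "$1") || return 2
    b=$(networks_of "$2") || return 2
    for net in $a; do
        if printf '%s\n' "$b" | grep -Fxq -- "$net"; then
            printf '%s\n' "$net"
        fi
    done
    return 0
}

# Docker's embedded DNS answers for container names and aliases only among
# containers on the same user-defined network, so a proxy with no network in
# common with the app gets "Name Error" from its resolver (ERR_DNS_FAIL).
check_proxy_network() {
    proxy=$1
    app=$2
    common=$(shared_networks "$proxy" "$app") || return 2
    if [ -n "$common" ]; then
        echo "OK: $proxy and $app share network(s): $common"
        return 0
    fi
    echo "MISMATCH: $proxy shares no Docker network with $app"
    echo "$app is attached to: $(networks_of "$app" | tr '\n' ' ')"
    echo "Attach the proxy:  docker network connect <network> $proxy"
    echo "or start it there: docker run --network <network> ..."
    return 1
}

# Run only when both container names are given.
if [ "$#" -eq 2 ]; then
    check_proxy_network "$1" "$2"
fi
```

Putting the proxy on the application network also means every client allowed by the localnet ACLs can reach those internal containers through it, so the http_access rules are worth reviewing after the change.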