DST is not recommended by me, because it brings up DNS queries. DST is an IP(s)-based ACL, which might have to resolve DNS FQDN to IP before it is able to determine whether the requested domain name matches the DST ACL .
> On Jan 13, 2026, at 1:26 AM, Matus UHLAR - fantomas <[email protected]> wrote: > >>> On 10.01.26 06:19, archer wrote: >>>> Greetings from Beijing. When it comes to the location, you know our >>>> security concerns. >>>> I managed to implement the following bluemaps: >>>> >>>> * acl extranet dstdomain “domain list A” >>>> * acl extranet_whitelist dstdomain “domain list B” >>> >>>> So, what can I do to have extranet DNS handled by the parent proxy, while >>>> leaving the remainder to the child proxy, with a domain list ? > >>> On Jan 12, 2026, at 4:33 PM, Matus UHLAR - fantomas <[email protected]> >>> wrote: >>> You can use "dstdomain -n" to disable DNS translation here. >>> I recommend doing that. > > On 13.01.26 01:18, archer wrote: >> In my config, it is “dstdomain -n” already. Anyway it is not functional, >> whether there is a “-n “ tag . >> I have dig official conf reference, and lots mail archives. Believe me, I >> would not make easy mistakes. >> Anyway I am not capable of reviewing squid source code, dunno whether it is >> a designed logic or a bug. If it is not expectable, I might have to select >> another child proxy program. > > there may be different directive(s) that require DNS lookup, e.g. "dst" > directives. > > but if your ISP intercepts and modifies DNS, I recommend using DNS server > supporting DoH, DoT or supporting validation, if you are unable to switch > ISPs or ask them not to do that. > > -- > Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > 2B|!2B, that's a question! > _______________________________________________ > squid-users mailing list > [email protected] > https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list [email protected] https://lists.squid-cache.org/listinfo/squid-users
