Re: [squid-users] peer-select.cc, cache_peer and dns queries

Mon, 12 Jan 2026 10:12:09 -0800 

On 13.01.26 01:37, archer wrote:

DST is not recommended by me, because it brings up DNS queries.


That's exactly what I have said.


DST is an IP(s)-based ACL, which might have to resolve DNS FQDN to IP before it 
is able to determine whether the requested domain name matches the DST ACL .


I know. Can you post your squid.conf or should we continue guessing?


On 10.01.26 06:19, archer wrote:

Greetings from Beijing. When it comes to the location, you know our security 
concerns.
I managed to implement the following bluemaps:

*       acl extranet                    dstdomain “domain list A”
*       acl extranet_whitelist          dstdomain “domain list B”



So, what can I do to have extranet DNS handled by the parent proxy, 
while leaving the remainder to the child proxy, with a domain list ?



On Jan 12, 2026, at 4:33 PM, Matus UHLAR - fantomas <[email protected]> wrote:
You can use "dstdomain -n" to disable DNS translation here.
I recommend doing that.


On 13.01.26 01:18, archer wrote:

In my config, it is “dstdomain -n” already.  Anyway it is not 
functional, whether there is a “-n “ tag .
I have dig official conf reference, and lots mail archives.  Believe me, 
I would not make easy mistakes.
Anyway I am not capable of reviewing squid source code, dunno whether it 
is a designed logic or a bug.  If it is not expectable, I might have to 
select another child proxy program.



On Jan 13, 2026, at 1:26 AM, Matus UHLAR - fantomas <[email protected]> 
wrote: there may be different directive(s) that require DNS lookup, e.g.  
"dst" directives.



but if your ISP intercepts and modifies DNS, I recommend using DNS server 
supporting DoH, DoT or supporting validation, if you are unable to switch 
ISPs or ask them not to do that.


--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users






















					Reply via email to