Hello,

I have two squid siblings, both with one internal and one external IP-address. The internal IP-address is for ICP/UDP queries. For security reasons I will bind the open ICP/UDP port to the internal IP-address:

udp_incoming_address 192.168.0.1
udp_outgoing_address 255.255.255.255

After doing this, DNS/UDP packets get an internal source IP-address and DNS is not working.

It seems that creating a new TAG "dns_outgoing_address" allows binding DNS/UDP requests to the external IP-address and ICP/UDP queries to the internal IP-address:


--- snip ---

server1#cat squid.conf
...
dns_outgoing_address 194.113.40.222
udp_incoming_address 192.168.0.1
udp_outgoing_address 255.255.255.255


server1#cd squid-2.5.STABLE3/src
server1#
server1#grep dns_outgoing *
cf.data:NAME: dns_outgoing_address
cf.data:LOC:Config.Addrs.dns_outgoing
cf.data.pre:NAME: dns_outgoing_address
cf.data.pre:LOC:Config.Addrs.dns_outgoing
cf_parser.h: default_line("dns_outgoing_address 255.255.255.255");
cf_parser.h: else if (!strcmp(token, "dns_outgoing_address"))
cf_parser.h: parse_address(&Config.Addrs.dns_outgoing);
cf_parser.h: dump_address(entry, "dns_outgoing_address", Config.Addrs.dns_outgoing);
cf_parser.h: free_address(&Config.Addrs.dns_outgoing);
dns_internal.c: addr = Config.Addrs.dns_outgoing;
squid.conf.default:# TAG: dns_outgoing_address
squid.conf.default:# dns_outgoing_address 255.255.255.255
structs.h: struct in_addr dns_outgoing;



server1#cat dns_internal.c
...
void
idnsInit(void)
{
    static int init = 0;
    if (DnsSocket < 0) {
        int port;
        struct in_addr addr;
/* new
        if (Config.Addrs.udp_outgoing.s_addr != no_addr.s_addr)
            addr = Config.Addrs.udp_outgoing;
        else
            addr = Config.Addrs.udp_incoming;
*/
        addr = Config.Addrs.dns_outgoing;

        DnsSocket = comm_open(SOCK_DGRAM,
            0,
            addr,
            0,
            COMM_NONBLOCKING,
            "DNS Socket");
        if (DnsSocket < 0)
            fatal("Could not create a DNS socket");
...
--- snip ---

Any ideas - without hacking the source code?

Regards,
Dagmar Dobner
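
The source-address selection from the idnsInit() fragment above, as an added example that is not part of the original post or of Squid's source. It models the commented-out logic next to the replacement, assuming 255.255.255.255 is the "unset" value (no_addr); the struct and function names are hypothetical, and the loopback address used for the bind check is constructed.

```c
/* Added example: models how the DNS socket's source address is chosen. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumption: 255.255.255.255 is the "not set" sentinel (no_addr). */
#define NO_ADDR htonl(INADDR_NONE)

struct addrs { in_addr_t udp_incoming, udp_outgoing, dns_outgoing; };

/* Commented-out logic in the post: DNS reuses the ICP/UDP addresses. */
in_addr_t dns_src_original(const struct addrs *c) {
    return c->udp_outgoing != NO_ADDR ? c->udp_outgoing : c->udp_incoming;
}

/* Logic after the posted change: DNS has its own directive. */
in_addr_t dns_src_patched(const struct addrs *c) {
    return c->dns_outgoing;
}

/* Bind a UDP socket to src (no bind when unset) and return the local
 * address the kernel reports for it; NO_ADDR signals an error. */
in_addr_t bound_source(in_addr_t src) {
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return NO_ADDR;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = src;
    if ((src != NO_ADDR && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        sa.sin_addr.s_addr = NO_ADDR;
    close(fd);
    return sa.sin_addr.s_addr;
}

int main(void) {
    /* Values from the squid.conf lines quoted in the post. */
    struct addrs c = { inet_addr("192.168.0.1"), inet_addr("255.255.255.255"),
                       inet_addr("194.113.40.222") };
    struct in_addr a;
    a.s_addr = dns_src_original(&c); printf("original: %s\n", inet_ntoa(a));
    a.s_addr = dns_src_patched(&c);  printf("patched:  %s\n", inet_ntoa(a));
    a.s_addr = bound_source(inet_addr("127.0.0.1")); /* constructed address */
    printf("bound:    %s\n", inet_ntoa(a));
    return 0;
}
```

With udp_outgoing_address left at 255.255.255.255, the original selection falls through to udp_incoming_address, which is why the DNS queries carried the internal source address.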