-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Krad,
Yes if that is true then you have to use the WCCP's dns service for the spoofing. (This sounds like it would break HTTPS, DNSSEC and DANE for such sites). Best regards, Wouter On 22/06/15 12:55, krad wrote: > it doesnt look that way if you read the last bullet point > > http://www.crypt.gen.nz/papers/cisco_squid_wccp.html > > it seems that the application might well have to be able to spoof > the source address and therefore have some form of awarness > > its also eluded to here > > https://networklessons.com/network-services/cisco-wccp-squid-transpare nt-proxy/ > > On 22 June 2015 at 11:32, W.C.A. Wijngaards <[email protected] > <mailto:[email protected]>> wrote: > > Hi Yuri, > > On 09/06/15 12:12, Yuri Voinov wrote: >> http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/acns/v55/ c > >> onfiguration/local/guide/55ldg/wccpch.html#wp1353686 > > > >> http://i.imgur.com/WSSL3kF.png > >> Just FYI. > >> So, the question is same. > > My guess is that the machine is offering DNS resolution in addition > to the WCCP service. And the DNS and WCCP do not really interact > (apart from DNS lookups or using spare CPU cycles), so you are free > to use any DNS resolver you want. > > Best regards, Wouter > > > >> Note: I've already used route map to intercept port 53 queries >> and point it to Unbound instance. But WCCP has lower router CPU >> load and more effective. > >> _______________________________________________ Unbound-users >> mailing list [email protected] >> <mailto:[email protected]> >> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > > _______________________________________________ Unbound-users > mailing list [email protected] > <mailto:[email protected]> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVh+qMAAoJEJ9vHC1+BF+N88QP/38T//nxVeKouAorykWxhbnu 1hSSKXKQ6WxYapBM6fpNBjrVxFIL6Peq145JPRfQOZGVsrKo8pK0wPC9nzAAn/bK rziIguodI60yRhJ0uMrUEs1CYX9OesNffW16CDbUR3o2doIfoP4vkzUOBWk21Mnp uL9ejq2d94mDfe/T4/ODi4EL07oUFY/h8KeBjtizrPLYrmotZkEIRQxIY/SYDTDp zlMWfFWMCJwzUgtk9gjOu2rQUJ1GjuF+1EreoxdfB1Qd2suv+B1hsMptGExtc9EX s5Y/LZCTIZ2vf4E82oFH/AuLyLocmZePqXypS4604o22rrgemDr81NVfrOZ27HHD LObcA/TaQokAaMpfbzOaX1NMt+lUce/lNr+5f5jsS2YK4RD8ifBzPq7r5bVuPAwM 8NPD/BrUdIskBZCiM8//HbU7h4JxcVHHVq2upHHR6Bh88lfEI1SlCz8tOoXG8y55 llsn22fcjWE09Dz2lYrBHcON1ez2pyeiKMPhDYq2WI1xeFFz5moi0Dx8Ui5Wc8Mh Y+kbIifuBLpWKa8h5roNvwhngezoUylIlF6q3t4TgxC12RPkepu6H1B1ApqAnWD5 imhqwNzreQeHR/x5i8KJPoN0QnTIPza1/nO31YzJYL6Azvzu7tiYaoIzSAIYKQXO ekR/NedQ+VB5ed3yTJ03 =qVNq -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
