[squid-users] peer-select.cc, cache_peer and dns queries

archer the-archer at 139.com
Mon Jan 12 17:37:38 UTC 2026


DST is not recommended by me, because it brings up DNS queries.
DST is an IP(s)-based ACL, which might have to resolve a DNS FQDN to an IP before it is able to determine whether the requested domain name matches the DST ACL.

> On Jan 13, 2026, at 1:26 AM, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> 
>>> On 10.01.26 06:19, archer wrote:
>>>> Greetings from Beijing. When it comes to the location, you know our security concerns.
>>>> I managed to implement the following bluemaps:
>>>> 
>>>> * 	acl extranet  			dstdomain “domain list A”
>>>> *	acl extranet_whitelist  	dstdomain “domain list B”
>>> 
>>>> So, what can I do to have extranet DNS handled by the parent proxy, while leaving the remainder to the child proxy, with a domain list?
> 
>>> On Jan 12, 2026, at 4:33 PM, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>>> You can use "dstdomain -n" to disable DNS translation here.
>>> I recommend doing that.
> 
> On 13.01.26 01:18, archer wrote:
>> In my config, it is “dstdomain -n” already. Anyway, it is not functional, whether or not there is a “-n” tag.
>> I have dug through the official conf reference and lots of mail archives. Believe me, I would not make easy mistakes.
>> Anyway, I am not capable of reviewing the squid source code, dunno whether it is designed logic or a bug. If it is not expected, I might have to select another child proxy program.
> 
> There may be different directive(s) that require DNS lookup, e.g. "dst" directives.
> 
> But if your ISP intercepts and modifies DNS, I recommend using a DNS server supporting DoH, DoT or supporting validation, if you are unable to switch ISPs or ask them not to do that.
> 
> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> 2B|!2B, that's a question!
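
Added example (not part of the thread and not Squid project code): a small audit that lists which access rules in a squid.conf reference ACLs able to trigger DNS lookups, following the point above that other directives such as "dst" may require them. The file paths, the peer name `parent.example.net`, the `lan_dst` ACL and the sample config are constructed; the mapping of ACL types to lookups and the assumption that `-n` is accepted by `dst`, `dstdomain` and `dstdom_regex` reflect my reading of the squid.conf documentation.

```python
# ACL types whose evaluation can make Squid issue a DNS query (assumed mapping).
FORWARD = {"dst"}                        # resolves the requested host name to IPs
REVERSE = {"dstdomain", "dstdom_regex"}  # PTR lookup when the URL host is an IP
CLIENT = {"srcdomain", "srcdom_regex"}   # PTR lookup of the client address
ACCEPTS_N = FORWARD | REVERSE            # types assumed to honour the -n flag

def audit(conf_text):
    """Return (line_no, directive, acl_name, acl_type) for every *_access or
    *_direct rule that references an ACL able to trigger a DNS lookup."""
    risky = {}       # acl name -> acl type
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] == "acl" and len(tokens) >= 3:
            name, kind, args = tokens[1], tokens[2], tokens[3:]
            if kind in CLIENT or (kind in ACCEPTS_N and "-n" not in args):
                risky[name] = kind
            continue
        if not tokens[0].endswith(("_access", "_direct")):
            continue                            # e.g. the cache_peer line itself
        for tok in tokens[1:]:
            name = tok.lstrip("!")              # negated ACLs are still evaluated
            if name in risky:
                findings.append((no, tokens[0], name, risky[name]))
    return findings

# Constructed sample config; only the ACL names extranet and
# extranet_whitelist come from the thread.
SAMPLE = """\
acl extranet dstdomain -n "/etc/squid/extranet.list"
acl extranet_whitelist dstdomain "/etc/squid/whitelist.list"
acl lan_dst dst 10.0.0.0/8
cache_peer parent.example.net parent 3128 0 no-query
cache_peer_access parent.example.net allow extranet
never_direct allow extranet
always_direct allow lan_dst
http_access allow extranet_whitelist
"""

if __name__ == "__main__":
    for line_no, directive, name, kind in audit(SAMPLE):
        print(f"line {line_no}: {directive} uses {name} ({kind})")
```

Rules that only reference `-n` ACLs are not reported; anything the audit does report is a candidate for the lookups discussed in the thread, not proof that a query is sent for every request.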
