[tproxy] Tproxy + DNS + OpenDNS = Borked

Adrian Chadd adrian.chadd at gmail.com
Thu May 20 02:45:52 CEST 2010


On 20 May 2010 07:55, Tristram Cheer <tproxy at tristramcheer.com> wrote:
> Is there anyway to get squid and TPROXY to spoof DNS requests to show as
> coming from the client IP and not cache the result?

With a bit of coding, sure. This has an impact on your cache contents
- since each client has a "different view" of DNS, content is going to
have to be cached according to the client themselves rather than just
globally.  Also, cached content for client A that isn't filtered by
open DNS will be returned to client B that is filtered by open DNS
because cached content doesn't necessarily require constant
revalidation, and cached content w/out revalidation won't require a
DNS lookup to complete.  That'll require further code changes.

You should bounce further questions like this to the squid-users@
list, rather than this list!


Adrian


More information about the tproxy mailing list