Re: [squid-users] private DNS, browsers, and Squid

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 27 Apr 2007 00:11:10 +0200

On Thu 2007-04-26 at 11:16 -0400, Michael W. Lucas wrote:

> Packet sniffing shows that the client is talking to the proxy, but the
> client is also trying all of its DNS servers to resolve the hostname
> of the Web site. With complex Web sites this can take a while -- for
> example, the front page for www.cnn.com has several hostnames in it.
> I suspect this is causing the very slow access.

Should not, assuming the private DNS has a proper private root zone
allowing it to promptly reject DNS queries for other domains with
"Domain does not exist".

This is needed for any IP based proxy.pac rules to work properly; if not,
they will get significant delays due to DNS trying to resolve external
names and the DNS servers not knowing what to do.

> Do other people see this behavior? What did you do? Surely we're not
> the first people to use Squid, IE, and private DNS?

Have run it very successfully at different customers. Technically it's
no different from having a public DNS, in many cases even a lot more
efficient as the internal DNS infrastructure does not get clogged with
external DNS data and the clients do not need to wait for external DNS
lookups just to find if a site is internal or not.

Drawback from having a private unconnected DNS infrastructure is that
the "hack" of returning "DIRECT" on unresolvable domains obviously
doesn't work, so users will see the proxy error instead of the browser
error when they type wrong.

Regards
Henrik

Received on Thu Apr 26 2007 - 16:11:15 MDT
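
Added example, not part of the original message or of Squid: a proxy.pac with one name-based and one IP-based rule, run against a constructed stand-in for a private DNS whose private root rejects external names at once. The host names, the 10.0.0.0/8 range, the proxy address and the Node stand-ins for the PAC built-ins are all assumptions.

```javascript
// Constructed stand-in for a private DNS with a private root zone:
// internal names resolve, every other name is rejected at once (null).
const PRIVATE_ZONE = {
  "wiki.corp.example": "10.1.2.4",
  "printer.lab.example": "10.9.9.9",
};
let lookups = 0; // DNS queries triggered by the PAC logic

// Minimal versions of the PAC built-ins so the file also runs under Node.
function dnsResolve(host) { lookups++; return PRIVATE_ZONE[host] || null; }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

const PROXY = "PROXY proxy.corp.example:3128"; // hypothetical proxy address

function FindProxyForURL(url, host) {
  // Name-based rule: decided without any DNS query.
  if (dnsDomainIs(host, ".corp.example")) return "DIRECT";
  // IP-based rule: costs one lookup per host, so the resolver has to
  // answer "no such domain" promptly for external names.
  const ip = dnsResolve(host);
  if (ip !== null && isInNet(ip, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  // No "DIRECT when unresolvable" rule: on an unconnected private DNS
  // every external name is unresolvable, so it would match all of them.
  return PROXY;
}

// Helper: how many DNS queries a single PAC evaluation costs for a host.
function lookupsFor(host) {
  lookups = 0;
  FindProxyForURL("http://" + host + "/", host);
  return lookups;
}
```
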
