Squid Local DNS Patch
-
Since my previous post, I've come up with a modification to both squid.xml and squid.inc that adds the option to force squid to use the pfSense DNS server. Unfortunately, diff doesn't appear to be included in pfSense…
Here's my addition to the squid.xml file, just after the field for icp_port:
<field>
    <fieldname>dns_nameservers</fieldname>
    <fielddescr>Enable Local DNS</fielddescr>
    <description>This will force the proxy server to use the DNS server on pfSense to perform DNS lookups.</description>
    <type>checkbox</type>
</field>
In the squid.inc file, here's my addition to the squid_resync_general function:
if (($settings['dns_nameservers'] == 'on')) {
    $conf .= "dns_nameservers 127.0.0.1\n";
}
That code segment goes just after the similar if statement for the transparent proxy setting.
In case you missed my earlier post, this ensures that any DNS changes you've made in pfSense are enforced by the proxy server. If you are overriding any zones, without this change and that item checked, your overridden zones will be bypassed by proxy clients.
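To confirm the option took effect, the generated squid.conf can be audited for resolvers other than the local one. The following is an added example, not part of the original post or the pfSense package; the function names, the sample configs and the 192.168.1.1 LAN address are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not taken from a real pfSense box).
SAMPLE_PATCHED = "http_port 3128\nicp_port 0\ndns_nameservers 127.0.0.1\n"
SAMPLE_UNSET = "http_port 3128\n# dns_nameservers 127.0.0.1\n"
SAMPLE_MIXED = "http_port 3128\ndns_nameservers 127.0.0.1 8.8.8.8\n"


def squid_dns_servers(conf_text):
    """Return every address listed on dns_nameservers lines, in order."""
    servers = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # ignore comment text and blanks
        if parts and parts[0] == "dns_nameservers":
            servers.extend(parts[1:])  # the directive accepts several addresses
    return servers


def audit_local_dns(conf_text, local_addrs=("127.0.0.1",)):
    """Classify a squid.conf as 'local', 'bypass' or 'unset'.

    'unset'  : no dns_nameservers line, so squid uses the system resolv.conf
    'bypass' : at least one listed resolver is not in local_addrs
    'local'  : every listed resolver is in local_addrs
    The second tuple element lists the offending entries.
    """
    servers = squid_dns_servers(conf_text)
    if not servers:
        return ("unset", [])
    allowed = {ipaddress.ip_address(a) for a in local_addrs}
    foreign = []
    for entry in servers:
        try:
            if ipaddress.ip_address(entry) not in allowed:
                foreign.append(entry)
        except ValueError:  # not an IP literal at all: report it too
            foreign.append(entry)
    return ("bypass" if foreign else "local", foreign)


if __name__ == "__main__":
    for name, conf in (("patched", SAMPLE_PATCHED),
                       ("unset", SAMPLE_UNSET),
                       ("mixed", SAMPLE_MIXED)):
        print(name, audit_local_dns(conf))
```

If the LAN address is used in place of 127.0.0.1, pass it in `local_addrs` so it is treated as the local resolver.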
-
There is a problem with access to 127.0.0.1 from squid in transparent mode. Maybe the LAN IP needs to be used? But that may be a bug if you change the LAN IP: squid.conf will also need to be changed.
-
What's the issue accessing 127.0.0.1 from squid while it is in transparent mode?
This is working for me at the moment.