Transparant squid -> no DNS

klazoid · Dec 6, 2011, 4:08 PM

I've always used a non-transparant setup but wanted to switch so users don't require a specific setup before they can use http.
When I direct traffic in the browser "manually" through the proxy (like before), all works fine.
When I set the browser to autodetect the settings, sites won't come up, unless I try to access them through their IP address.

I also tried to configure the clients through wpad with this instruction: http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid but I have the same problem.

It seems obvious that there is a DNS problem but I can't figure out why because when 'forced' to use the proxy, the browser resolves the DNS requests without a problem

mhab12 · Dec 6, 2011, 5:05 PM

Do you have both the 'transparent proxy' and 'allow users on interface' boxes checked?

klazoid · Dec 7, 2011, 9:29 AM

Allow users on interface : check
Transparent proxy: check

On the same computer:
Firefox: forced to use the proxy in browser settings –> no problem
IE: automatically detect -> only possible to browse IP sites, URL doesn't resolve

I'm able to access the wpad.dat, wpad.da,... files through the webbrowser browsing: wpad.domain.com/wpad.dat

klazoid · Dec 7, 2011, 11:16 AM

I just entered: http://wpad.domain.com/wpad.dat in the "use configuration script" and after that, I'm able to browse.

But when using the "automatically detect" setting (the one I would like to use) I still get no DNS resolving.

mhab12 · Dec 7, 2011, 9:24 PM

Auto detect is for the wpad stuff only. To utilize 'transparent', no autoconfigure is required. It is truly transparent to the unsophisticated end user. Boot the computer and browse. You can check if Squid is working by visiting http://www.whatismyip.com/ and look for a refence to Squid.

TailWagsTheDog · Dec 12, 2011, 10:03 AM

If you do want to use auto-detect though and IE refuses to play ball I've often found it to be one of two things…

If you configured your wpad using DNS (and not DHCP) then make sure you've used an A record for the wpad entry, and not a CNAME. For some reason IE doesn't like CNAME's....
IE sets a registry entry to store the results of its automatic detection ("Automatic Proxy Result Cache")... IE then stubbornly refuses to re-detect things if your WPAD changes ::). So; if you deployed a broken WPAD.dat file as you were refining your javascript, IE will make a note it's broken and never bother to check if it's fixed. I normally resolve this IE issue by resetting IE to it's default settings (tools -> Internet Options -> Advanced -> Reset...). There are other ways but a google search will help you there, resetting IE doesn't bother me too much. Note that as Chrome uses system proxy settings it too will suffer from this... the reset of IE will fix both browsers.
(Make sure you've tested you're WPAD.DAT file using something free like pactester etc. so you know your WPAD.DAT is valid).