Transparent Proxy + Squidguard - "Unable to Determine IP address from host"



  • Hi all,

    I tried searching google and the forums here for an answer to no avail. Please bear with me as I am fairly new to PFSense.

    What I am trying to do is get Squid & Squidguard working on my network, I've attached a chart of what my network looks like below:

    I've gone through the tutorials on setting it up, yet once I enable squid on LAN, no client machines are able to connect to any external websites. This is the error message I got when trying to access Google:

    While trying to retrieve the URL: http://www.google.com/

    The following error was encountered:

    Unable to determine IP address from host name for www.google.com

    The dnsserver returned:

    Refused: The name server refuses to perform the specified operation.

    This means that:

    The cache was not able to resolve the hostname presented in the URL.
    Check if the address is correct.

    I'm not sure if I've incorrectly set up DNS forwarding in PFSense, or if I have to change a setting on my AD server, or if this is actually even a DNS problem at all. Is there anyone out there who can advise on this?

    Any help would be greatly appreciated!



  • Are you sure you want to use the AD server for pfsense DNS request ? If no, then use your ISP DNS Server, or OPENDNS Servers ( 208.67.222.222 and 208.67.220.220 ).

    If YES, and you Active Directory Server is well configured with working redirectors, then you got RIGHTS issue

    Your AD Dns server seems to restricts requests to authentified computer only. Change you AD DNS Server Rights to allow request from unauthentified clients.



  • Okay, well I think I got it working now, what I did was entered my AD server's IP address in the "Bypass proxy for these source IPs" field. It all looks like its working now, as Squidguard also appears to be working and blocking sites.

    Is this an acceptable workaround though?


Log in to reply