Solved

Squid Proxy Server not resolving local DNS domains Windows Server 2008

Posted on 2010-09-21
6
1,805 Views
Last Modified: 2012-05-10
Hello,

i recently configured Squid Proxy Server to be used in Windows. (Squid started as a Unix product).

Everything is working fine. I have my ACLs working fine. Only a group of websites are accessible as i configured it this way. Perfect. Now, when i try to access our own websites, it's giving me this error.


ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://lindsaygia.com/

The following error was encountered:

    * Read Error

The system returned:

    (10054) WSAECONNRESET, Connection reset by peer.

An error condition occurred while reading data from the network. Please retry your request.

Your cache administrator is webmaster.
Generated Tue, 21 Sep 2010 17:05:53 GMT by IFGSRVMIS001.IFG.LOCAL (squid/2.7.STABLE8)


I don't know where to start... i believe it might be a DNS issue, but don't know exactly what since you can always see our websites perfectly fine when we are not using the Proxy.

It seems obvious to me it's a DNS issue, but maybe it's more a Squid configuration issue... BUT, if that was the case, then i wouldnt be able to see google and yahoo for example.

Something curious... I have an exchange server that resolves in xx.xxx.xxx.228 when i want to acccess the web version of outlook. the rest of my websites resolves to .229. Now, the difference is that All websites resolving .229 are accessed thru a Coyote Load Balancing.
in other words, in my DNS, instead of having 10.0.0.40 (which is my webserver) i have .45 (Coyote). Outlook is pointing to .47 (no using coyote).

Very confused right now that's why i am asking to the experts because i can't figure this out by myself...
Thank you
0
Comment
Question by:acampos
  • 3
  • 2
6 Comments
 

Author Comment

by:acampos
ID: 33728664
Ok. I found something interesting.

I added a Host (A) in my DNS with the intranet.mywebsite.com pointing directly to the IP of my webserver (contrary to pointing to my Coyote IP) and it works like a charm. It seems Coyote does not let Squid to resolve DNS.

I am gonna take a look to Juniper forums and see if i find some jewel in there...

i'll keep you posted.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33732156
I may be off:

Or, is it that you don't have a loop back on the Coyote?  Adding the internal DNS means it doesn't try to use the public IP and get routed back through the Coyote to the internal web sever.  Do your internal users use point to the public IP of your website or do they point to the internal IP?

So that I know if I understand, the Coyote hardware is your firewall, right?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 33733401
Without using Squid can you connect to intranet.mywebsite.com using the public external IP address?

If so, then you need to check all ACL's to see if the IP address of the box you are running Squid on is permited to do the same thing as your other internal IP addresses.

Typically inside hosts do NOT use external public IP addresses to access other internalhosts.

Coyote is more than likely a reference to a load balancer from  Coyotepoint.  We just retired a pair and we always used the Internal IP addresses from our Internal network.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:acampos
ID: 33887085
My boss decided to go with Websense... so, i guess at this point this discussion is over :(

Thank you for all your help thou.

0
 

Author Closing Comment

by:acampos
ID: 33887091
We decided to change product.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33887135
you're welcome and thanks for the points!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question