Solved

Squid Proxy Server not resolving local DNS domains Windows Server 2008

Posted on 2010-09-21
6
1,843 Views
Last Modified: 2012-05-10
Hello,

i recently configured Squid Proxy Server to be used in Windows. (Squid started as a Unix product).

Everything is working fine. I have my ACLs working fine. Only a group of websites are accessible as i configured it this way. Perfect. Now, when i try to access our own websites, it's giving me this error.


ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://lindsaygia.com/

The following error was encountered:

    * Read Error

The system returned:

    (10054) WSAECONNRESET, Connection reset by peer.

An error condition occurred while reading data from the network. Please retry your request.

Your cache administrator is webmaster.
Generated Tue, 21 Sep 2010 17:05:53 GMT by IFGSRVMIS001.IFG.LOCAL (squid/2.7.STABLE8)


I don't know where to start... i believe it might be a DNS issue, but don't know exactly what since you can always see our websites perfectly fine when we are not using the Proxy.

It seems obvious to me it's a DNS issue, but maybe it's more a Squid configuration issue... BUT, if that was the case, then i wouldnt be able to see google and yahoo for example.

Something curious... I have an exchange server that resolves in xx.xxx.xxx.228 when i want to acccess the web version of outlook. the rest of my websites resolves to .229. Now, the difference is that All websites resolving .229 are accessed thru a Coyote Load Balancing.
in other words, in my DNS, instead of having 10.0.0.40 (which is my webserver) i have .45 (Coyote). Outlook is pointing to .47 (no using coyote).

Very confused right now that's why i am asking to the experts because i can't figure this out by myself...
Thank you
0
Comment
Question by:acampos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 

Author Comment

by:acampos
ID: 33728664
Ok. I found something interesting.

I added a Host (A) in my DNS with the intranet.mywebsite.com pointing directly to the IP of my webserver (contrary to pointing to my Coyote IP) and it works like a charm. It seems Coyote does not let Squid to resolve DNS.

I am gonna take a look to Juniper forums and see if i find some jewel in there...

i'll keep you posted.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33732156
I may be off:

Or, is it that you don't have a loop back on the Coyote?  Adding the internal DNS means it doesn't try to use the public IP and get routed back through the Coyote to the internal web sever.  Do your internal users use point to the public IP of your website or do they point to the internal IP?

So that I know if I understand, the Coyote hardware is your firewall, right?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 33733401
Without using Squid can you connect to intranet.mywebsite.com using the public external IP address?

If so, then you need to check all ACL's to see if the IP address of the box you are running Squid on is permited to do the same thing as your other internal IP addresses.

Typically inside hosts do NOT use external public IP addresses to access other internalhosts.

Coyote is more than likely a reference to a load balancer from  Coyotepoint.  We just retired a pair and we always used the Internal IP addresses from our Internal network.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:acampos
ID: 33887085
My boss decided to go with Websense... so, i guess at this point this discussion is over :(

Thank you for all your help thou.

0
 

Author Closing Comment

by:acampos
ID: 33887091
We decided to change product.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33887135
you're welcome and thanks for the points!
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question