Solved

Squid Proxy Server not resolving local DNS domains Windows Server 2008

Posted on 2010-09-21
6
1,789 Views
Last Modified: 2012-05-10
Hello,

i recently configured Squid Proxy Server to be used in Windows. (Squid started as a Unix product).

Everything is working fine. I have my ACLs working fine. Only a group of websites are accessible as i configured it this way. Perfect. Now, when i try to access our own websites, it's giving me this error.


ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://lindsaygia.com/

The following error was encountered:

    * Read Error

The system returned:

    (10054) WSAECONNRESET, Connection reset by peer.

An error condition occurred while reading data from the network. Please retry your request.

Your cache administrator is webmaster.
Generated Tue, 21 Sep 2010 17:05:53 GMT by IFGSRVMIS001.IFG.LOCAL (squid/2.7.STABLE8)


I don't know where to start... i believe it might be a DNS issue, but don't know exactly what since you can always see our websites perfectly fine when we are not using the Proxy.

It seems obvious to me it's a DNS issue, but maybe it's more a Squid configuration issue... BUT, if that was the case, then i wouldnt be able to see google and yahoo for example.

Something curious... I have an exchange server that resolves in xx.xxx.xxx.228 when i want to acccess the web version of outlook. the rest of my websites resolves to .229. Now, the difference is that All websites resolving .229 are accessed thru a Coyote Load Balancing.
in other words, in my DNS, instead of having 10.0.0.40 (which is my webserver) i have .45 (Coyote). Outlook is pointing to .47 (no using coyote).

Very confused right now that's why i am asking to the experts because i can't figure this out by myself...
Thank you
0
Comment
Question by:acampos
  • 3
  • 2
6 Comments
 

Author Comment

by:acampos
ID: 33728664
Ok. I found something interesting.

I added a Host (A) in my DNS with the intranet.mywebsite.com pointing directly to the IP of my webserver (contrary to pointing to my Coyote IP) and it works like a charm. It seems Coyote does not let Squid to resolve DNS.

I am gonna take a look to Juniper forums and see if i find some jewel in there...

i'll keep you posted.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33732156
I may be off:

Or, is it that you don't have a loop back on the Coyote?  Adding the internal DNS means it doesn't try to use the public IP and get routed back through the Coyote to the internal web sever.  Do your internal users use point to the public IP of your website or do they point to the internal IP?

So that I know if I understand, the Coyote hardware is your firewall, right?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 33733401
Without using Squid can you connect to intranet.mywebsite.com using the public external IP address?

If so, then you need to check all ACL's to see if the IP address of the box you are running Squid on is permited to do the same thing as your other internal IP addresses.

Typically inside hosts do NOT use external public IP addresses to access other internalhosts.

Coyote is more than likely a reference to a load balancer from  Coyotepoint.  We just retired a pair and we always used the Internal IP addresses from our Internal network.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:acampos
ID: 33887085
My boss decided to go with Websense... so, i guess at this point this discussion is over :(

Thank you for all your help thou.

0
 

Author Closing Comment

by:acampos
ID: 33887091
We decided to change product.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33887135
you're welcome and thanks for the points!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question