Selective Proxy by DNS Using Squid and BIND - Server Fault
serverfault.com/questions/253245/selective-proxy-by-dns-using-squid-and-bind
I want to selectively proxy some DNS entries. For example, I want most DNS queries to resolve
normally, but I want example.com to go through my proxy server. Furthermore, my proxy server
is not in my office (it's in my data center).
First, use BIND as a caching DNS server, and overwrite or force example.com to point to my
proxy server. I assume this can be done? I am not very experienced with BIND configuration.
Second, use Squid to proxy all requests received that target example.com to the REAL
example.com IP. I want to proxy http requests and other protocols that hit the right ports. So for
example, I would also want to proxy ssh if it is done through port 80 for example. Can Squid
work as this sort of proxy, or can it only work as an http proxy?
So for example the end result would look something like this. For the initial DNS query:
Then the PC is "fooled" into thinking that example.com points to my server, instead of the
real example.com. So this happens:
Is this setup feasible? What configuration directives should I investigate to do the hard part?
proxy bind
1 Answer
1
Your first, DNS approach seems to be the better of the two. To configure this, you should configure
your BIND as an authoritative server for the zone example.com. A piece of BIND config should look
roughly like this:
I'm not absolutely sure, but you may need to configure your Squid in "transparent" mode. There
are many examples on the Internet.
Squid is an HTTP, HTTPS and FTP proxy server. But HTTPS is handled using the HTTP CONNECT
method. This is why you may use programs like Corkscrew or Proxytunnel. These programs utilize
the CONNECT method for tunneling. There is a problem with CONNECT timeouts; it is described
on the ProxyTunnel page. The other approach to handling different protocols is redirecting data with
iptables. In this case, handling is done on the 3rd and 4th OSI levels (address and transport
protocols) and level 7 (application layer) isn't touched.
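The answer's BIND override could look like the following. This is an added example, not the configuration from the original answer. The file paths, the serial number and both addresses are assumptions: 192.0.2.53 stands for the office BIND server and 203.0.113.10 for the proxy in the data center (documentation-range placeholders).

```conf
// ---- named.conf.local (path and file name are assumptions) ----
// Make the office caching server authoritative for example.com, so
// internal clients get the proxy's address instead of the public one.
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com.override";
    allow-update { none; };   // no dynamic updates to the override zone
};

; ---- /etc/bind/db.example.com.override (zone file) ----
$TTL 300                      ; short TTL so a rollback takes effect quickly
@    IN SOA ns.example.com. hostmaster.example.com. (
         2024010101 ; serial (constructed)
         3600       ; refresh
         600        ; retry
         86400      ; expire
         300 )      ; negative-caching TTL
     IN NS  ns.example.com.
ns   IN A   192.0.2.53        ; office BIND server (placeholder)
@    IN A   203.0.113.10      ; proxy server in the data center (placeholder)
www  IN A   203.0.113.10      ; every name clients use must be listed here
```

Once the server is authoritative for the whole zone, any example.com name not listed in this file returns NXDOMAIN to internal clients. The proxy itself must resolve example.com through a different resolver, otherwise it forwards requests back to its own address.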