Vyatta Proxy Setup

domain-name-systeminternal-dnsPROXYvyatta

So I am currently migrating our office away from the current proxy (Squid running in Windows on our Mail server…I did not set it up…) to a new one, Squid running on Vyatta.

So far I have everything setup and working perfectly, however im having trouble getting it to use two different DNS servers, one for internet (8.8.8.8) and another for internal domain name sites.

If I set our internal DNS ip first with:

set system name-server 192.168.47.1
set system name-server 8.8.8.8

Then it does seem to resolve everything, however any public websites on the internet take an incredibly long time to resolve. However, if I switch it around so the public DNS is first, websites load incredibly quick but it will only load records in the public DNS.

Using nslookup with either setting only seems to use the first name server.

Anyone dealt with this before?

Best Answer

What is happening with the squid config above is that it's trying to resolve public DNS via your internal server, then waiting for it to fail, then trying public DNS.

I would suggest running a separate DNS proxy on the system and tell squid to use that. Something nice and easy like dnsmasq allows you to set different DNS servers for internal domains, but everything else goes to public internet DNS. Looks like Vyatta includes dnsmasq.

Alternatively, set up forwarding on whatever your internal DNS server is to allow it to resolve internet domain names, then just use the one DNS server in squid.

Related Solutions

DNS issue for internal website routing internet connection from remote location

This is either

a DNS configuration problem (at remote location)
a DNS server problem (wrong views)
a translating firewall problem

Scenario 1:

Make sure the remote location accesses the same (internal) DNS server that the main location uses. Test with

dig @internal-DNS-ip internal.website.com

and make sure that the ending ";; SERVER:" output repeats that IP. Does the answer contain the private IP address?

Possible scenario: the hosts at your remote location are instructed to contact a DNS server other than the internal one.

Fix: configure the remote location computers (or the DHCP server for them) to use the internal DNS.

Scenario 2:

Make the same "dig" query from a computer at main location. Do you get the private IP addresses?

Possible scenario: views instruct the internal DNS server to respond X to some clients and Y to the rest. The new link entailed new IP addresses for the remote location, and the view mask on the internal DNS server has not been updated.

Fix: update the address mask for the view @ internal DNS.

Scenario 3:

Some routers snoop into DNS responses and, when they find your public IP address matching an internal NAT, they replace it to the local address.

Possible scenario: the DNS replies always with the public address (no views), but queries from main location go through such router and queries from remote location do not.

Fix: configure views @ internal DNS so that all internal hosts receive the internal website IP natively.

Windows – Unreliable DNS resolving for external domains using Windows Server 2008

The issue has been resolved. The server has 2 network ports which worked together as a 'Teamed' connection. Once we disabled the teaming and one of the NICs all worked like a charm.

Best Answer

Related Solutions

DNS issue for internal website routing internet connection from remote location

Windows – Unreliable DNS resolving for external domains using Windows Server 2008

Related Topic