Monday, October 26, 2009

Linux Security Notes 14: Squid notes 6: DNS Round Robin

Squid - Force proxy usage
    Here we will explain how to configure all outbound (internet) traffic so that it can only route through the proxy.
Step 1:
    On the firewall, block all outbound access to the internet from the local network except from the squid server.
    Explicitly allow the squid server outbound traffic to ports 80/443.
Step 2:
    Now configure the proxy server. Set the proxy on the clients (browser settings as well as the http_proxy environment variable) and check the access.log file. This is the recommended setup, so that all outbound traffic from our network is monitored and controlled through squid.

Squid Load balancing - Using DNS Round Robin:
    This configuration makes squid run in a load-balanced fashion. DNS round robin takes care of distributing requests from clients across all the squid servers listed in the round robin record. The cache can be shared among the squid servers, so the same cache is accessed for all the requests being load balanced.

To obtain this we will configure two squid servers for our network.

Step 1:
    Install squid on both servers and configure both with the same business rules. Start squid and make sure it is running on both servers.
Step 2:
Configure the DNS for ROUND ROBIN:
    Here we make entries for both squid servers in DNS: the same "A" record name pointing to the two different IP addresses of the two squid servers.
Eg:    A    A

        So when we query the DNS server, it replies with both IPs, and each subsequent reply rotates the position of the A records. This means that if the first query for the FQDN returns "    A", the subsequent query yields " A". Thus the load is balanced equally between the two servers.
Check that DNS ROUND ROBIN is working using:
# dig
# nslookup
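A BIND zone fragment for Step 2, added here as an example (it is not from the original post): the zone example.com, the hostname proxy.example.com and the addresses 192.0.2.11/192.0.2.12 are assumed placeholders.

```zone
; Constructed example: forward zone for example.com with two A records under
; one name, which is what makes DNS round robin work for the squid servers.
; Hostname and addresses are placeholders (RFC 5737 documentation range).
$TTL 300            ; short TTL so client resolver caches do not pin one proxy for long
$ORIGIN example.com.
@       IN  SOA  ns1.example.com. hostmaster.example.com. (
                    2009102601 ; serial
                    3600       ; refresh
                    900        ; retry
                    604800     ; expire
                    300 )      ; negative-caching TTL
@       IN  NS   ns1.example.com.
ns1     IN  A    192.0.2.2

; Same owner name, two addresses: the resolver returns both and rotates
; their order on successive queries. To force the rotation in BIND, put
;   rrset-order { order cyclic; };
; in the options block of named.conf.
proxy   IN  A    192.0.2.11   ; squid server 1
proxy   IN  A    192.0.2.12   ; squid server 2
```

Run `dig proxy.example.com A` a few times against the server and watch the order of the two answers change; round robin only rotates, it does not notice a squid server that is down, so keep an eye on both servers independently.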

Step 3:
    Configure the browsers and the proxy variables on the client for the squid server "" and try to browse.
        Keep in mind the DNS cache on the client: a cached answer keeps that client on one proxy until it expires.
