Connect to HTTP with FQDN using proxy

[fragranz]

On IPCop 1.4.21: I have a web server in the DMZ. I enabled the proxy in transparent mode on the green interface. Now when I access my web server (in orange zone) from the green zone I am obliged to give the fully qualified name: www.systemx.local whereas before I could simply do www.

I said that I have configured the DMZ for servers who have access to TCP and UDP with DNS server in the green zone. I also verified that the short name resolution worked since all the servers. So I do not really know where to look for this little problem if its only cosmetic if I understand correctly.

Can you help me in connecting HTTP with FQDN using proxy?

[Kirt]

Transparent proxy mode, which resolves the name?

Answer: IPCOP itself resolves the name. However, in general, ipcop has no internal dns web server as dns server (and the default domain). Hence the non-resolution www.

How? In fact it even program IPCop Squid that resolves the name: you can configure Squid to use a DNS server other than the machine. (It will change the squid.conf file.)

[fragranz]

OK it is IPCop that resolves the name.

- On the client ping www works
http://www it does not work
http://www.systemx.local it works

- On IPCop with "domain systemx.local" in /etc/resolv.conf
ping www works.

So it's a configuration problem on Squid. I have restarted squid ((/usr/local/bin/restartsquid) to flush the DNS cache but to no avail.

To make sure I have no problem with DNS I tested on IPCop:

www host 192.168.2.199 (DNS server in green area) and it responds well to me:

Using domain server:
Name: 192.168.2.199
Address: 192.168.2.199#53
www.systemx.local has address 192.168.1.204

So it works!

Now for Squid I added in "/var/ipcop/proxy/acl" (this file is not recreated every time you change the Squid conf) directive :

dns_nameservers 192.168.2.199

which is intended to use it rather than DNS in resolv.conf. Then I restarted IPCop and downright ... no improvement:

http://www is still trapped by the proxy.

Any idea?

[Kirt]

Linux uses a client usually /etc/resolv.conf to point out the means of resolution with the lines:
nameserver x.x.x.x
search xxxx.xxx

Now ipcop can receive dns by its connection (in Red).

So it must be on that Squid uses the internal DNS server but also can add the field "search". But I do not know the proper setting.

[fragranz]

I found ...

In the squid conf it must have both:

dns_nameservers 192.168.2.199 (DNS server in my green area)
append_domain. systemx.local (my local domain name)

and it works after restarting squid ( "save" in the web interface)