HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

HAVP using DNS nameservers - new feature needed!
http://havp.hege.li/forum/viewtopic.php?f=3&t=390		 Page 1 of 1
Author:  Dmitry [ 26 Sep 2008 13:43 ]
Post subject:  HAVP using DNS nameservers - new feature needed!
It is very necessary to add in HAVP possibility directly to specify used DNS servers. If on a workstation are established Squid with authorisation of users through service Samba (Winbind) + parental HAVP then there is a conflict - for Samba it is necessary resolv.conf to specify in a file to the first local DNS a server but then search of pages of the Internet is essentially slowed down. If to specify the first external DNS a server the Internet of the provider, speed of the Internet considerably increases, but leads to failures of services Samba, Winbind, Kerberos etc.
Author:  hege [ 26 Sep 2008 19:23 ]
Post subject:  Re: HAVP using DNS nameservers - new feature needed!
I'm sorry but that would require coding a complete resolver to HAVP, instead of a simple system call it's using now. There is really no need, and no developers free anyway.

In it's recommended configuration (squid->havp->squid), HAVP will not even need to resolve anything.

I'm not sure if I even understood your problem, but there is most certainly better way to solve it.
Author:  Dmitry [ 26 Sep 2008 21:43 ]
Post subject:  Re: HAVP using DNS nameservers - new feature needed!
Really there is no necessity to recode the main HAVP units. We will take advantage of your advice so to us it will be most easier. I ask you to excuse me for bad English, I used a translation program. :mrgreen:
Author:  zqguaq [ 17 Jan 2009 05:22 ]
Post subject:  Re: HAVP using DNS nameservers - new feature needed!
Hi!

I met the problem of failing DNS resolving some minutes ago.

(I've successfully set up a "schroot" for transparent HAVP on my gateway; little minor glitch: templates do not work at all)

Entering IP adresses (that can not at all be resolved to a DNS name) are working entries to browse servers.

Entering the DNS name of a website leads to the known error of HAVP not beeing able to resolve the name to its IP.

Putting Squid in front of the HAVP would not directly meet my needs (completely and explicitely avoiding any caching from some VM-Clients).


Since it's not possible to configure HAVP itself to use a specified DNS server, which requirements must be met to satisfy HAVP's needs for resolving DNS names to IP addresses? By now I couldn't figure out what exactly is needed for solving this issue...

Best regards from Germany
Author:  hege [ 17 Jan 2009 10:28 ]
Post subject:  Re: HAVP using DNS nameservers - new feature needed!
Did you set up /etc/resolv.conf inside your chroot?
Author:  zqguaq [ 17 Jan 2009 14:35 ]
Post subject:  Re: HAVP using DNS nameservers - new feature needed!
Yes, I did so.

This was one of the first thougths I had when failing to resolve DNS names.

EDIT :

I've verified Resolving within my chroot (made with schroot for user-switching to havp).

"nslookup domain.ext" within chroot works as expected (like without schroot I get the domain.ext resolved to ip1.ip2.ip3.ip4).
"ping domain.ext" returns "ping: unknown host domain.ext"
"ping ip1.ip2.ip3.ip4" returns "ping: icmp open socket: Operation not permitted".

Using a browser with havp as proxy:
Entering ip-address works like a charm.
Entering a DNS-name "domain.ext" or "www.domain.ext" shows in browser "HAVP could not open Template! Check errorlog and config!" and errorlog states "[date time] Could not resolve hostname (http://www.domain.ext)".

Using browser from same client or from gateway without HAVP works as expected.
Resolving http://www.domain.ext from gateway works with nslookup, ping and browser also leads to successfull display of webpage.


EDIT #2 : Solved the problem

I simply forgot to copy some files from /lib/ and /usr/lib/ to my chroot.
ldd did not mention them.
Page 1 of 1 All times are UTC + 2 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/