Then on how you can set it up to get the best home network with great performance. First, we take a look at which components you need (router, access point, switch, etc). Today, I am going to explain how to set up your home network. Or when you are working on the dining table, but you can’t use the printer. It also makes things a lot easier, nothing is so annoying as walking upstairs and losing the wifi connection. If this is not what you're trying to do, you should edit your question to reflect that. Having a good and stable home network is important, especially these days when we work more from home and have more and more connected devices. This way, all your non-HTTP requests go where you want them to, and your HTTP requests go through your proxy. You don't have to do anything with DNS to accomplish this, you only need an edge router/firewall that supports policy routing to forward any packet with a destination protocol/port of TCP 80 to your (internal/external) Squid proxy. There are many products that can do this, as well as open source solutions such as Squid. Your question is confusing, but if I'm interpreting this correctly, it sounds like you're describing a transparent intercepting HTTP proxy. However, for all port 80 traffic, it should intercept the traffic and forward to a web proxy. This server should forward / redirect all non-http traffic to an IP address associated with the real DNS record as accurately as possible. This needs to work for an arbitrary set of domains (potentially all of them). A client wants us to configure a DNS server to point all non-whitelisted domains to an IP address of a server on the internet. This is probably similar to how OpenDNS does their DNS+Proxying, but they only seem to do it for. Not to mention we would be limited from a concurrency perspective. 
This could in theory be possible if we had a large block of public IP addresses that could intelligently route based on the sender's IP to the proper destination, but the engineering effort required there to keep the DNS request and subsequent requests to that same domain in sync would be immense. It doesn't actually proxy the request to a server under our control. OpenDNS has something called blocked page proxy but that merely displays an authentication form. I realize we can forward all http traffic at the firewall level, but the client wants to avoid http requests to CDNs or media heavy sites as well as minimize deployment effort across disparate network configurations. Forwarding port 80 traffic isn't enough for us as we want to minimize latency for certain domains (such as those associated with CDNs or partner sites). Ideally the system will minimize bandwidth usage & latency for non-http traffic without requiring anything besides DNS or firewall configuration. Is the above approach feasible? If not, are there other ways this problem can be approached short of requiring specialized gateway hardware? However, for all port 80 (http) traffic, it should intercept the request and proxy it, possibly modifying the response. The server associated with this poisoned record should forward / redirect all non-http traffic to the actual IP address associated with the canonical DNS record. I have a requirement that I believe may be impossible and wanted to confirm this with experts in this community. A client wants us to configure a DNS server to resolve certain domains to an IP address of a server under our control (poisoned DNS).