Maintained by: NLnet Labs

[Unbound-users] Does unbound work with Cisco WCCP?

W.C.A. Wijngaards
Mon Jun 22 12:59:24 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Krad,

Yes if that is true then you have to use the WCCP's dns service for
the spoofing.  (This sounds like it would break HTTPS, DNSSEC and DANE
for such sites).

Best regards,
   Wouter

On 22/06/15 12:55, krad wrote:
> it doesnt look that way if you read the last bullet point
> 
> http://www.crypt.gen.nz/papers/cisco_squid_wccp.html
> 
> it seems that the application might well have to be able to spoof
> the source address and therefore have some form of awarness
> 
> its also eluded to here
> 
> https://networklessons.com/network-services/cisco-wccp-squid-transpare
nt-proxy/
>
>  On 22 June 2015 at 11:32, W.C.A. Wijngaards <wouter at nlnetlabs.nl 
> <mailto:wouter at nlnetlabs.nl>> wrote:
> 
> Hi Yuri,
> 
> On 09/06/15 12:12, Yuri Voinov wrote:
>> http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/acns/v55/
c
>
>> 
onfiguration/local/guide/55ldg/wccpch.html#wp1353686
> 
> 
> 
>> http://i.imgur.com/WSSL3kF.png
> 
>> Just FYI.
> 
>> So, the question is same.
> 
> My guess is that the machine is offering DNS resolution in addition
> to the WCCP service.  And the DNS and WCCP do not really interact
> (apart from DNS lookups or using spare CPU cycles), so you are free
> to use any DNS resolver you want.
> 
> Best regards, Wouter
> 
> 
> 
>> Note: I've already used route map to intercept port 53 queries
>> and point it to Unbound instance. But WCCP has lower router CPU
>> load and more effective.
> 
>> _______________________________________________ Unbound-users 
>> mailing list Unbound-users at unbound.net
>> <mailto:Unbound-users at unbound.net> 
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> <mailto:Unbound-users at unbound.net> 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVh+qMAAoJEJ9vHC1+BF+N88QP/38T//nxVeKouAorykWxhbnu
1hSSKXKQ6WxYapBM6fpNBjrVxFIL6Peq145JPRfQOZGVsrKo8pK0wPC9nzAAn/bK
rziIguodI60yRhJ0uMrUEs1CYX9OesNffW16CDbUR3o2doIfoP4vkzUOBWk21Mnp
uL9ejq2d94mDfe/T4/ODi4EL07oUFY/h8KeBjtizrPLYrmotZkEIRQxIY/SYDTDp
zlMWfFWMCJwzUgtk9gjOu2rQUJ1GjuF+1EreoxdfB1Qd2suv+B1hsMptGExtc9EX
s5Y/LZCTIZ2vf4E82oFH/AuLyLocmZePqXypS4604o22rrgemDr81NVfrOZ27HHD
LObcA/TaQokAaMpfbzOaX1NMt+lUce/lNr+5f5jsS2YK4RD8ifBzPq7r5bVuPAwM
8NPD/BrUdIskBZCiM8//HbU7h4JxcVHHVq2upHHR6Bh88lfEI1SlCz8tOoXG8y55
llsn22fcjWE09Dz2lYrBHcON1ez2pyeiKMPhDYq2WI1xeFFz5moi0Dx8Ui5Wc8Mh
Y+kbIifuBLpWKa8h5roNvwhngezoUylIlF6q3t4TgxC12RPkepu6H1B1ApqAnWD5
imhqwNzreQeHR/x5i8KJPoN0QnTIPza1/nO31YzJYL6Azvzu7tiYaoIzSAIYKQXO
ekR/NedQ+VB5ed3yTJ03
=qVNq
-----END PGP SIGNATURE-----