> On Fri, 9 Apr 2004, dtom wrote:
>
> > I got following snoop output and cache.log while accessing http://www.mail-archive.com/.
> > H.H.H.H is squid box IP and A.A.A.A is DNS IP.
> > You can see sets of double queries and responses. Query line was very quickly shown after
> > response line was shown.
> > Two "idnsRead: FD 6: received 124 bytes from A.A.A.A." are written to cache.log.
> > I don't want squid to query twice.
> >
> > # snoop -r -d hme0 port 53
> > Using device /dev/hme (promiscuous mode)
> > H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> > H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?

>
> Please include timing details. Have no use of these traces unless there is
> timing details.


OK.Here is snoop output with timing details.

# snoop -r -t d -d hme0 port 53
0.01784 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00040 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00462 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00092 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00002 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00761 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00065 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15

Squid queried ,and queried again soon(within 0.00004sec).


> > 2004/04/09 13:47:56| aclCheck: checking 'always_direct allow EADDR'
> > 2004/04/09 13:47:56| aclMatchAclList: checking EADDR
> > 2004/04/09 13:47:56| aclMatchAcl: checking 'acl EADDR dst D.D.D.D/12 E.E.E.E/16'
> > 2004/04/09 13:47:56| ipcache_gethostbyname: 'www.mail-archive.com', flags=1

>
> Ok, this I have not tried. Maybe there is some slight error in
> acl processing causing the double DNS lookup.


Why do you think so?
How can I see if there is some slight error in acl processing causing the double DNS lookup?

--
Tomi