On Tue, 13 Apr 2004, dtom wrote:

> OK. Here is snoop output with timing details.
>
> # snoop -r -t d -d hme0 port 53
> 0.01784 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00040 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
> 0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15


This does indeed look odd..

> 0.00462 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?


And this is worse.. yet another query for www.mail-archive.com 0.004
seconds after receiving the reply to the first..

Have you by any chance disabled the ipcache?

> > Ok, this I have not tried. Maybe there is some slight error in
> > acl processing causing the double DNS lookup.

>
> Why do you think so?


It is just a speculation on why you see double DNS lookups. You are using
dst acls while in my tests when making the 2.5.STABLE5 release I did not
use dst acls, just plain forwarding. The DNS lookup for a dst ACL is
performed in a different part of the code than the forwarding lookup. Both
are cached in the ipcache.

> How can I see if there is some slight error in acl processing causing
> the double DNS lookup?


Temporarily disable the use of the dst acls in your http_access,
cache_peer_access etc access lists, then monitor DNS usage.

Regards
Henrik
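
One way to carry out the "monitor DNS usage" step on a `snoop -t d` capture like the one quoted above, as an added example that is not part of the original message. The `find_repeat_queries` function and its `max_gap` threshold are hypothetical, and the sample is the six quoted lines joined in order.

```python
import re
from collections import defaultdict

# Constructed sample: the six snoop lines quoted in the message, in order.
SAMPLE = """\
0.01784 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00040 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00462 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
"""

# delta-time, source, destination, C (query) or R (reply), queried name
LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+DNS\s+([CR])\s+(\S+)")

def find_repeat_queries(text, max_gap=1.0):
    """Return (kind, name, time) for every query that repeats an earlier one.

    duplicate-in-flight: sent while an earlier query is still unanswered.
    requery-after-reply: sent within max_gap seconds of a reply that a
    working cache should still hold (max_gap is an assumed threshold).
    """
    now = 0.0
    outstanding = defaultdict(int)   # (client, server, name) -> unanswered queries
    last_reply = {}                  # (client, server, name) -> time of last reply
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                 # skip anything that is not a DNS line
        delta, src, dst, kind, name = m.groups()
        now += float(delta)          # -t d prints deltas; accumulate to a clock
        if kind == "C":
            key = (src, dst, name)
            if outstanding[key] > 0:
                findings.append(("duplicate-in-flight", name, round(now, 5)))
            elif key in last_reply and now - last_reply[key] <= max_gap:
                findings.append(("requery-after-reply", name, round(now, 5)))
            outstanding[key] += 1
        else:
            key = (dst, src, name)   # a reply travels server -> client
            outstanding[key] = max(0, outstanding[key] - 1)
            last_reply[key] = now
    return findings

if __name__ == "__main__":
    for finding in find_repeat_queries(SAMPLE):
        print(*finding)
```

Running it on a capture taken with the dst acls enabled and again with them disabled shows whether the repeated queries go away.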