Re: [squid-users] DNS double query - squid

This is a discussion on Re: [squid-users] DNS double query - squid ; > On Wed, 14 Apr 2004, dtom wrote: >=20 > > > Have you by any chance disabled the ipcache? > >=20 > > Yes,but I don't know how to disable the ipcache. >=20 > Have you touched any of ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: [squid-users] DNS double query

  1. Re: [squid-users] DNS double query

    > On Wed, 14 Apr 2004, dtom wrote:
    >=20
    > > > Have you by any chance disabled the ipcache?

    > >=20
    > > Yes,but I don't know how to disable the ipcache.

    >=20
    > Have you touched any of the ipcache or dns directives in squid.conf?
    >=20
    > egrep 'ipcache|dns' squid.conf | grep -v '^#'


    Yes.=20

    =3D=3D squid.conf
    ipcache_size 16384
    ipcache_low 93
    ipcache_high 95
    dns_retransmit_interval 3 seconds
    dns_nameservers A.A.A.A B.B.B.B C.C.C.C

    > > Temporarily disable the use of the dst acls in your http_access,=20
    > > cache_peer_access etc access lists, then monitor DNS usage.

    >=20
    > I did but got same result.


    I'm sorry. This was mistaken information.
    If I disabled dst acls, cache_peer_access, always_direct, never_direct
    =2E.., Squid injected no DNS query.=20
    I enabled again, Squid injected double DNS query again.


  2. Re: [squid-users] DNS double query

    >
    > > > Temporarily disable the use of the dst acls in your http_access,=20
    > > > cache_peer_access etc access lists, then monitor DNS usage.

    > >=20
    > > I did but got same result.

    >
    > I'm sorry. This was mistaken information.
    > If I disabled dst acls, cache_peer_access, always_direct, never_direct
    > =2E.., Squid injected no DNS query.=20
    > I enabled again, Squid injected double DNS query again.


    I am having exactly the same problem with version 2.5.STABLE3 on OpenBSD 3.4.
    In our case, our squid queries twice but our ISP's nameserver refuses to
    answer the same query from the same source within a milliseconds, then
    squid tries to query to the secondary nameserver that is in /etc/resolv.conf
    and waits for that answer to come back resulting very slow proxy connections.

    I temporary pointed to our internal nameserver using dns_nameservers which
    would reply to the double query to fix the slowness of proxy.

    Removing all 'acl dst' entries fix the double query problem but I have:

    acl to_localhost dst 127.0.0.0/8
    # We strongly recommend to uncomment the following to protect innocent
    # web applications running on the proxy server who think that the only
    # one who can access services on "localhost" is a local user
    http_access deny to_localhost

    and one more 'acl dst' to allow a connection.


    Any solutions?

    ---
    Fory Horio 360 N. Sepulveda Blvd., Suite 2055
    Twin Sun Inc. El Segundo, CA 90245
    fory@twinsun.com Tel: (310) 524-1800 ext 226, Fax: (310) 524-1818

+ Reply to Thread