On 4/03/2016 3:04 p.m., Dan Charlesworth wrote: > Eliezer, > > I haven’t had time to put together a current squid.conf and make it readable, > remove sensitive stuff. But we don’t have any DNS-related directives set, > it’s all just defaults for that stuff. >
FYI: (squid -k parse 2>&1 ) | grep -o "Processing.*" | grep "dns_" will quickly generate a sufficiently readable copy of whatever the proxy is actually using for the DNS settings. Also to verify lack of presence for them if as you say, its not supposed to have any configured. Also grep for ipcache_* and fqdncache_* settings. If they are overly large (or small) it can impact. > As for the other things you asked about: > > 1. The current resolv.conf looks like this: > ``` > search tceo > > nameserver 192.231.203.3 > nameserver 172.16.100.5 > ``` > > 2. Using `dns_v4_first on` and `dns_nameservers 192.231.203.3 172.16.100.5`, > doesn’t make any difference. > > > 3. Here’s a test to your site with a single IPv4 address: > > # time squidclient -h 10.100.128.1 http://ngtech.co.il > > HTTP/1.1 200 OK > Server: nginx/1.8.0 > Date: Fri, 04 Mar 2016 01:51:34 GMT > Content-Type: text/html > Content-Length: 10167 > Last-Modified: Tue, 09 Feb 2016 15:56:55 GMT > Accept-Ranges: bytes > Vary: Accept-Encoding > X-Cache: MISS from livestream.tceo > X-Cache-Lookup: MISS from livestream.tceo:3128 > Via: 1.1 livestream.tceo (squid/3.5.13) > Connection: close > > <content remove for brevity> > > real 0m16.339s > user 0m0.000s > sys 0m0.002s > > 4. Reverse DNS lookups for both DNS servers > > # dig -x 192.231.203.3 > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.231.203.3 > ;; global options: +cm > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31360 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8 > > ;; QUESTION SECTION: > ;3.203.231.192.in-addr.arpa. IN PTR > > ;; ANSWER SECTION: > 3.203.231.192.in-addr.arpa. 149 IN PTR > resolv2.internode.on.net. > > ;; AUTHORITY SECTION: > 203.231.192.in-addr.arpa. 149 IN NS ns4.on.net. > 203.231.192.in-addr.arpa. 149 IN NS ns3.on.net. > 203.231.192.in-addr.arpa. 149 IN NS ns1.on.net. > 203.231.192.in-addr.arpa. 149 IN NS ns2.on.net. > > ;; ADDITIONAL SECTION: > ns1.on.net. 13301 IN A 203.16.213.172 > ns1.on.net. 4681 IN AAAA 2001:44b8:f020:ff00::80 > ns2.on.net. 13906 IN A 192.231.203.2 > ns2.on.net. 12151 IN AAAA 2001:44b8:8020:ff00::80 > ns3.on.net. 13407 IN A 150.101.197.131 > ns3.on.net. 4681 IN AAAA 2001:44b8:b070:ff00::80 > ns4.on.net. 13374 IN A 192.231.203.4 > ns4.on.net. 9533 IN AAAA 2001:44b8:8060:ff00::80 > > ;; Query time: 23 msec > ;; SERVER: 192.231.203.3#53(192.231.203.3) > ;; WHEN: Fri Mar 4 12:59:02 2016 > ;; MSG SIZE rcvd: 330 > > # dig -x 172.16.100.5 > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 172.16.100.5 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35335 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;5.100.16.172.in-addr.arpa. IN PTR > > ;; AUTHORITY SECTION: > 16.172.in-addr.arpa. 86400 IN SOA localhost. root.localhost. 1 > 604800 86400 2419200 86400 > > ;; Query time: 21 msec > ;; SERVER: 192.231.203.3#53(192.231.203.3) > ;; WHEN: Fri Mar 4 12:59:14 2016 > ;; MSG SIZE rcvd: 93 > > --- > > Was there there anything else I missed? " squidclient mgr:idns " may have more info about the DNS lookups. eg whether Squid is having to retry often or such. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
