Hey,

How about using a local bind\unbound DNS server that has a forwarding zone 
defined only for the local domains?
For me it's a bit hard to understand the root cause of the issue, but this is 
the best solution I can think of.
If you need some help with bind\unbound DNS configurations, just send me 
an email and I will try to help you with that.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Friday, September 22, 2017 17:37
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Negotiate Authenticator and DNS

Hi.
I'm trying to improve the DNS response because I'm having these times:

Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 32 of 32 (0 shutting down)
requests sent: 72241
replies received: 72241
queue length: 0
avg service time: 56 msec

   ID #      FD     PID  # Requests       # Replies      Flags     Time  Offset Request
     16      30   22242       38896           38896               0.368       0 (none)
     17      32   22243       13404           13404               0.388       0 (none)
     18      38   22244        6962            6962               0.126       0 (none)
     19      61   22245        3895            3895               0.344       0 (none)
     20      65   22246        2636            2636               0.369       0 (none)
     21      74   22247        1879            1879               0.124       0 (none)
     22      76   22248        1177            1177               0.340       0 (none)
     23      78   22249         809             809               0.307       0 (none)
     24      79   22250         592             592               0.364       0 (none)
     25      81   22251         436             436               0.265       0 (none)
     26      94   22252         320             320               0.244       0 (none)
     27      96   22253         243             243               0.243       0 (none)
     28      98   22254         184             184               0.299       0 (none)
     29     109   22255         142             142               0.285       0 (none)
     30     111   22256         112             112               0.308       0 (none)
     31     113   22257          85              85               0.308       0 (none)
     45     473   22285          69              69               0.789       0 (none)
     46     475   22286          60              60               0.756       0 (none)
     47     480   22287          52              52               1.504       0 (none)
     48     495   22288          48              48               1.611       0 (none)
     49     499   22289          44              44               1.611       0 (none)
     50     580   22291          36              36               1.598       0 (none)
     51     596   22292          31              31               1.099       0 (none)
     52     593   22293          26              26               0.916       0 (none)
     53     547   22308          20              20               0.916       0 (none)
     54     550   22309          18              18               0.602       0 (none)
     55     551   22310          14              14               0.397       0 (none)
     56     553   22311          12              12               0.567       0 (none)
     57     552   22312          12              12               0.567       0 (none)
     58     397   22313          11              11               0.567       0 (none)
     59     407   22314          10              10               0.584       0 (none)
     67     436   22355           6               6               1.035       0 (none)

Sometimes it takes much more time; sometimes it goes to avg service time: 560 msec...

Sorry for my ignorance...
Is this Negotiate Authenticator for users? I mean, is this related to, for
example, going to google.com, or is it just the time that the user (client PC)
waits to be authenticated?

I think that it is related to going to a website (now I have my doubts). So I made a
DNS server with bind, and put that DNS in the squid config, and left the DNS from the AD
in second place... but when I restart, this happened:

support_resolv.cc(289): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: Error while resolving service record _ldap._tcp.DOMAIN.LAN with res_search
support_resolv.cc(71): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: res_search: Unknown service record: _ldap._tcp.DOMAIN.LAN
support_resolv.cc(183): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: Error while resolving hostname with getaddrinfo: Name or service not known
support_sasl.cc(276): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server


So, this post is for two questions.
1- The thing about Negotiate Authenticator (what does that value represent?)
2- Can I improve things by making my own DNS (apart from the DNS from the domain)?
(I prefer to make another DNS rather than fix the DNS from the domain, because I don't
manage that).

Thanks to all, and sorry for the ignorance and my bad writing (I don't speak
English)



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
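
The forwarding-zone setup suggested in the reply above, sketched as an unbound.conf fragment. This is an added example, not configuration posted by either participant. It forwards only DOMAIN.LAN to the AD DNS servers and lets unbound resolve every other name itself. The addresses 192.0.2.10 and 192.0.2.11 are placeholders for the domain's DNS servers.

```conf
# unbound.conf fragment (added example; forward-addr values are placeholders)
server:
    # Squid and its helpers run on this host, so listen on loopback only.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # AD zones are normally unsigned. If DNSSEC validation is enabled,
    # exempt the internal zone so its answers are not rejected as bogus.
    domain-insecure: "DOMAIN.LAN."

    # If private-address filtering is enabled, still accept RFC 1918
    # addresses in answers for the internal zone.
    private-domain: "DOMAIN.LAN."

# Only the local AD domain goes to the domain's DNS servers. This covers
# the SRV lookup that failed in the log (_ldap._tcp.DOMAIN.LAN) as well
# as the host names of the domain controllers.
forward-zone:
    name: "DOMAIN.LAN."
    forward-addr: 192.0.2.10
    forward-addr: 192.0.2.11

# No forward-zone for ".": every other name is resolved recursively by
# unbound itself and cached locally.

# The kerberos_ldap_group errors come from res_search and getaddrinfo,
# which use the system resolver, not Squid's internal DNS client.
# Point both at this server:
#   /etc/resolv.conf : nameserver 127.0.0.1
#   squid.conf       : dns_nameservers 127.0.0.1
```

Before restarting Squid, `dig @127.0.0.1 _ldap._tcp.DOMAIN.LAN SRV` should return the domain controllers; an empty answer means the helper will fail the same way as in the log above.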
