Thanks for all the pointers :) I figured it out. Seamless.com's PTR lookups are slow and end up in SERVFAIL. And that was causing the delay here. I purged that ACL and it's all good.
-----Original Message----- From: Amos Jeffries <squ...@treenet.co.nz> Sent: Friday, February 15, 2019 9:24 AM To: Ahmad, Sarfaraz <sarfaraz.ah...@deshaw.com>; squid-users@lists.squid-cache.org Subject: Re: [squid-users] High response times with Squid On 14/02/19 11:38 pm, Ahmad, Sarfaraz wrote: > Hi again, > I made some progress on this. > To reiterate, I am peeking at the SNI and then bump all connections to > the origin server in context of this problem. ( the origin server is > seamless.com ) > > Here are the new findings , > 1) The 20sec lag is noticed even when I splice the connection. > 2) It 99% has to do with the following slow ACL acl. > > acl deny_explicit_dstdomain dstdomain > "/etc/squid/acls/deny_explicit_dstdomain" > > I see PTR lookups failing when Squid tries to validate my ACLs. When I > disable that ACL, the 20second lag is gone. So I am pretty confident that > subsequent PTR lookups are causing the delay here. > I don't see a configuration directive with which I can configure how many > times Squid retries the lookup. > I see one that sets the timeout though (dns_timeout defaults 30 seconds). > > Could you guys give me some pointers on what could be happening here ? Only repeat back to you what you have described to us ... DNS PTR lookups are slow. Your squid.conf is needed to know where those lookups are happening and see if any can be avoided. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
