On Wed, 7 Sep 2005, Chris Knipe wrote:
Quick question... Can someone explain to me HOW does squid cache DNS, and how
to avoid it?
Squid keeps seen DNS responses for their TTL, balancing between the known
IP addresses using round-robin. If one address does not respond then this
is marked bad and is not used until the DNS entry is refreshed.
We switch between a couple of live servers via DNS, bind9 and squid 2.5....
Uhm... We have the following:
webserver1 IN 86400 A <IP>
webserver2 IN 86400 A <IP>
webserver3 IN 86400 A <IP>
www IN 1 CNAME webserverX
Now, bind9 runs with query logging as well. Squid uses the correct
nameserver for queries (as indicated by cache.log), but named's query log,
indicates NO queries being made from the Squid IP address (Bind + Squid on
the same server).
Squid uses whatever name server you have in /etc/resolv.conf, with a
source address per normal routing..
What's my solution here???? Surely, Squid MUST honour the DNS TTL on the
CNAME??????
Good question which TTL it uses in such case. From what it looks inthe
source it ignores the TTL of the CNAME record and uses the TTL of the A
record. Obviously it should use the least of the two... Please file a bug
report on this.
Why it is not honouring the positive/negative_dns_ttl either????
It does. These directives sets the upper and lower bound on the TTL of DNS
responses.
How can I avoid squid to cache DNS completely???
You can't. There needs to be at least one seconds cache. If not it would
end up in situations where requests can not be forwarded as the DNS entry
is always stale..
Regards
Henrik
