-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just added google.co to /etc/hosts on the squid machine and did a squid -k reconfigure. Browsers still become unresponsive for about 5 minutes when going to a non existent domain including google.co But if I go to say, google.com/randomthinger___ it returns an error right away. This is what leads me to believe it is a DNS issue. Bind-tools lookups using dig or nslookup (free BSD 6 OS) work fine. Squid is configured to use internal dns. I intend to test it with external DNS this weekend. I believe I read that I attempted to telnet to 3128 on the box and manually issue an HTTP get to see if maybe the www browser has some kind of issue. I used: telnet squid 3128 GET http://www.google.com/index.html HTTP/1.1 But we use authentication and I don't know how to supply credentials via telnet (maybe someone here does). I'm guessing that to avoid sending a password in clear text there is some complexity involved here. I don't have time now, but perhaps this weekend I will try writing a web client in Perl which uses the proxy...I think there is a CPAN module for this. I'm not sure if this will help, as browsers do not exhibit this behavior when not using the proxy. Here are the dns stats: The Queue: DELAY SINCE ID SIZE SENDS FIRST SEND LAST SEND - ------ ---- ----- ---------- --------- Nameservers: IP ADDRESS # QUERIES # REPLIES - --------------- --------- --------- 127.0.0.1 45 45 4.2.2.2 0 0 Rcode Matrix: RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3 0 96058 3 1 1 0 0 0 2 17 14 13 3 572 0 0 4 0 0 0 5 0 0 0 After a bad request I do indeed see a corresponding TCP_MISS/503 error in the access.log file. I guess I would be really suprised if our network is so unique that no one else has seen this type of problem :P If there is any other diagnostic output or debug info that I can provide to help with this I will do so, but I don't know what is relevant. Thanks again, - -Jonathan Mark Elsen wrote: >> >> We are using Squid 2.5.12_1 to proxy www traffic. When a user with >> IE or the latest Firefox from a Windows XP pro machine types a >> domain that does not exist such as google.co the browser hangs for >> several minutes before returning a squid error message to the effect >> of 'this domain cannot be resolved' >> >> Is this a DNS timeout issue that can be changed in the squid config? >> > > - Checkout the DNS stat's in squid's Cachemgr ; watchout for > potential problems in there. > > M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGxjyT9O5WJm10e8RAor5AJ9MeYOfa7nZ4nKeznl4Av3SD6AhtACfSEwu bx3fY0pJfuX3Utn8SFP1gmg= =wLuZ -----END PGP SIGNATURE-----
