devzero@xxxxxx wrote:
weird, i don't see any listening socket with squidclient - i would have expected 3128 and 34810 here !?
So did I. Mine shows them. Should have 0.0.0.0.0 (last .0 is port).
Maybe it is slightly different in 2.x than 3.0 in this regard.
yes, seems so.
i updated to latest release and now i see
Active file descriptors:
File Type   Tout Nread  * Nwrite * Remote Address        Description
---- ------ ---- -------- -------- --------------------- ------------------------------
   0 Log       0       0        0                        stdin
   1 Log       0       0        0                        stdout
   2 Log       0       0        0                        stderr
   3 Log       0       0        0                        /usr/local/squid/var/logs/cache.log
   6 Socket    0     603      353  .0                    DNS Socket
   7 File      0       0     8828                        /usr/local/squid/var/logs/access.log
   8 Pipe      0       0        0                        unlinkd -> squid
   9 File      0       0     2607                        /usr/local/squid/var/logs/store.log
  10 File      0       0      104                        /usr/local/squid/var/cache/swap.state
  11 Pipe      0       0        0                        squid -> unlinkd
  12 Socket 1440      70        0* 10.0.0.60.38093       Reading next request
  13 Socket    0       0        0  .0                    HTTP Socket
  17 Socket    0    2667*   44096  10.0.0.10.2531        Waiting for next request
vmhost:/usr/local/squid/bin # netstat -anp |grep squid
tcp        0      0 10.0.0.60:3128          0.0.0.0:*               LISTEN      8552/squid
udp        0      0 0.0.0.0:34838           0.0.0.0:*                           8552/squid
unix  2      [ ]         DGRAM                    393925789 8552/squid
Anyway, despite the missing port numbers:
cache_object://... is squidclient getting the list itself
that leaves only DNS and HTTP listener TCP/UDP Sockets
and the two unlinkd pipes (listed as unix by netstat).
So it does appear to be DNS.
Squid will drop any packets received from NS not listed either in
dns_nameservers in squid.conf, or in resolv.conf as your local ones.
so, let me repeat:
squid is opening an extra udp socket for ICP, HTCP, syslog and DNS.
udp_incoming_address and udp_outgoing_address are relevant config
params for this.
we can't get rid of this port because we would break DNS for squid.
I got the bit about syslog being involved wrong. But the rest is correct.
#udp_incoming_address is used for the ICP socket receiving packets
# from other caches.
So this is just half of the truth because it is relevant not only for ICP, but
for DNS, too, correct?
should "we" fix this in the docs? (unfortunately, i cannot give much input)
That's OK. I've kicked the process off already in squid-dev. It's just a
matter of whether it's a doc-only or deep code fix.
btw - any reason why squid doesn't use host resolver routines for DNS lookup?
(i.e. something like gethostbyname() etc, so this would also get cached by nscd ....)
Squid can't do that internally as it blocks the whole app on each lookup.
You can compile with --disable-internal-dns. That builds a fast external
helper that calls gethostbyname() for squid and passes the results back
without blocking other requests.
Amos
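
An added example, not part of the original thread: a small Python check that parses `netstat -anp` output in the format shown above and picks out the Squid-owned UDP sockets bound to the wildcard address, the ones the thread ties to udp_incoming_address and udp_outgoing_address. The function names and the expected-port set are hypothetical; the sample input is the netstat output quoted in the message.

```python
# Sample input: the three netstat lines quoted in the thread.
NETSTAT = """\
tcp 0 0 10.0.0.60:3128 0.0.0.0:* LISTEN 8552/squid
udp 0 0 0.0.0.0:34838 0.0.0.0:* 8552/squid
unix 2 [ ] DGRAM 393925789 8552/squid
"""

WILDCARDS = {"0.0.0.0", "::", "*"}
INET = ("tcp", "tcp6", "udp", "udp6")


def squid_sockets(text, prog="squid"):
    """Parse `netstat -anp` lines; return inet sockets owned by `prog`."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in INET:
            continue  # unix-domain sockets (the unlinkd pipes) and headers
        if not f[-1].endswith("/" + prog):
            continue  # PID/program column, as printed in the thread
        addr, _, port = f[3].rpartition(":")  # also handles ":::3128"
        if not port.isdigit():
            continue
        socks.append({
            "proto": f[0],
            "addr": addr,
            "port": int(port),
            # UDP rows have no State column
            "state": f[5] if f[0].startswith("tcp") else "",
            "wildcard": addr in WILDCARDS,
        })
    return socks


def wildcard_udp(socks):
    """UDP sockets bound to every interface rather than one address."""
    return [s for s in socks if s["proto"].startswith("udp") and s["wildcard"]]


def unexpected(socks, expected_tcp=frozenset({3128})):
    """Sockets that are not one of the configured TCP listeners (assumed set)."""
    return [s for s in socks
            if not (s["state"] == "LISTEN" and s["port"] in expected_tcp)]


if __name__ == "__main__":
    for s in wildcard_udp(squid_sockets(NETSTAT)):
        print("wildcard UDP socket: %s:%d" % (s["addr"], s["port"]))
```
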