> You can compile with --disable-internal-dns. That builds a fast external
> helper that calls gethostbyname() for squid and passes the results back
> without blocking other requests.

fantastic !
i recompiled with that option and afterwards the open port is gone automatically
without touching the .conf and now being "replaced" by 5 dnshelper processes.
i assume this won't probably perform as good as before, but that doesn't matter for me.

many thanks Amos !

Roland

>
> devzero@xxxxxx wrote:
> >>> weird, i don't see any listening socket with squidclient - i would have expected 3128 and 34810 here !?
> >> So did I. Mine shows them. Should have 0.0.0.0.0 (last .0 is port).
> >> Maybe it is slightly different in 2.x than 3.0 in this regard.
> >
> > yes, seems so.
> > i updated to latest release and now i see
> >
> > Active file descriptors:
> > File Type   Tout Nread  * Nwrite * Remote Address        Description
> > ---- ------ ---- -------- -------- --------------------- ------------------------------
> >    0 Log       0       0        0                        stdin
> >    1 Log       0       0        0                        stdout
> >    2 Log       0       0        0                        stderr
> >    3 Log       0       0        0                        /usr/local/squid/var/logs/cache.log
> >    6 Socket    0     603      353  .0                    DNS Socket
> >    7 File      0       0     8828                        /usr/local/squid/var/logs/access.log
> >    8 Pipe      0       0        0                        unlinkd -> squid
> >    9 File      0       0     2607                        /usr/local/squid/var/logs/store.log
> >   10 File      0       0      104                        /usr/local/squid/var/cache/swap.state
> >   11 Pipe      0       0        0                        squid -> unlinkd
> >   12 Socket 1440      70        0* 10.0.0.60.38093       Reading next request
> >   13 Socket    0       0        0  .0                    HTTP Socket
> >   17 Socket    0    2667*   44096  10.0.0.10.2531        Waiting for next request
> >
> > vmhost:/usr/local/squid/bin # netstat -anp |grep squid
> > tcp        0      0 10.0.0.60:3128          0.0.0.0:*               LISTEN      8552/squid
> > udp        0      0 0.0.0.0:34838           0.0.0.0:*                           8552/squid
> > unix  2      [ ]         DGRAM                    393925789 8552/squid
> >
> >
> >> Anyway, despite the missing port numbers:
> >> cache_object://... is squidclient getting the list itself
> >> that leaves only DNS and HTTP listener TCP/UDP Sockets
> >> and the two unlinkd pipes (listed as unix by netstat).
> >>
> >> So it does appear to be DNS.
> >>
> >> Squid will drop any packets received from NS not listed either in
> >> dns_nameservers in squid.conf, or in resolv.conf as your local ones.
> >
> > so, let me repeat:
> > squid is opening an extra udp socket for ICP,HTCP, syslog and DNS.
> > udp_incoming_address and udp_outgoing_address are relevant config
> > params for this.
> >
> > we can't get rid of this port because we would break DNS for squid.
> >
>
> I got the bit about syslog being involved wrong. But the rest is correct.
>
> > #udp_incoming_address is used for the ICP socket receiving packets
> > # from other caches.
> >
> > So this is just half of the truth because it is relevant not only for ICP, but
> > for DNS, too , correct ?
> > should "we" fix this in the docs ? (unfortunately, i cannot give much input)
> >
>
> That's OK. I've kicked the process off already in squid-dev. It's just a
> matter of whether it's a doc-only or deep code fix.
>
> > btw - any reason why squid doesn't use host resolver routines for DNS lookup ?
> > (i.e. something like gethostbyname() etc, so this would also get cached by nscd ....)
>
> Squid can't do that internally as it blocks the whole app on each lookup.
> You can compile with --disable-internal-dns. That builds a fast external
> helper that calls gethostbyname() for squid and passes the results back
> without blocking other requests.
>
>
> Amos
>
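
An added example, not part of the original thread or of Squid itself: a small audit helper that parses `netstat -anp` output and reports which TCP/UDP sockets of a given program are bound to a wildcard address, the check used by hand above. `BEFORE` is the netstat output quoted in the thread; `AFTER` is a constructed sample of the state described after rebuilding with `--disable-internal-dns`; all function and variable names are hypothetical.

```python
import re
from typing import NamedTuple

class Sock(NamedTuple):
    proto: str
    addr: str
    port: str
    state: str
    pid: int
    prog: str

WILDCARDS = {"0.0.0.0", "::", "*"}
_PID_PROG = re.compile(r"^(\d+)/(\S+)$")

def parse_netstat(text):
    """Parse tcp/udp rows of `netstat -anp`; unix-domain rows are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue
        # The PID/program column is only filled in when netstat runs as root.
        m = next((x for x in map(_PID_PROG.match, f[5:]) if x), None)
        if m is None:
            continue
        # rpartition keeps IPv6 locals such as ":::3128" intact (addr "::").
        addr, _, port = f[3].rpartition(":")
        # TCP rows carry a state column; unconnected UDP rows leave it empty.
        state = "" if _PID_PROG.match(f[5]) else f[5]
        socks.append(Sock(f[0], addr, port, state, int(m.group(1)), m.group(2)))
    return socks

def wildcard_bound(socks, prog):
    """Sockets owned by `prog` that accept traffic on every interface."""
    return [s for s in socks if s.prog == prog and s.addr in WILDCARDS]

# Output quoted in the thread (internal DNS client enabled).
BEFORE = """\
tcp 0 0 10.0.0.60:3128 0.0.0.0:* LISTEN 8552/squid
udp 0 0 0.0.0.0:34838 0.0.0.0:* 8552/squid
unix 2 [ ] DGRAM 393925789 8552/squid
"""
# Constructed sample: the UDP socket is gone after the rebuild.
AFTER = "tcp 0 0 10.0.0.60:3128 0.0.0.0:* LISTEN 8552/squid\n"

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, wildcard_bound(parse_netstat(sample), "squid"))
```
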