Your DNS responses were similar to what I saw on those same domains, but how is squid querying DNS, it can be set different than the host DNS servers that dig would be using. Do you have any of the following options set in your squid.conf? If so what are they set to? DNS OPTIONS ----------------------------------------------------------------------------- * check_hostnames * allow_underscore * cache_dns_program * dns_children * dns_retransmit_interval * dns_timeout * dns_defnames * dns_nameservers * hosts_file * dns_testnames * append_domain * ignore_unknown_nameservers * ipcache_size * ipcache_low * ipcache_high * fqdncache_size Also if you haven't already, setup cachemgr.cgi, look at the general runtime information page, and see what the median service times are reporting for DNS Lookups. Also look at the IP Cache statistics, that will show you all cached domains, those should not have the delay when accessing them if It is purely a DNS issue causing the performance hit. Thanks, Dean Weimer Network Administrator Orscheln Management Co -----Original Message----- From: GARDAIS Ionel [mailto:Ionel.Gardais@xxxxxxxxxxxxxxxxxx] Sent: Friday, June 06, 2008 2:56 PM To: Henrik Nordstrom Cc: Squid Users Subject: RE : [squid-users] performances ... again Okay ... It's been the hardest 20 minutes of the day : find a few domain names that "should" have not been accessed and cached by our DNS. Well, from Paris, France, time given by dig stats : - mana.pf (French Polynesia, other side of the Earth, satellite link) : around 700ms - aroundtheworld.com, astaluego.com, apple.is, dell.nl, Volvo.se : between 100 and 150ms - nintendo.co.jp, Yamaha.co.jp, pioneer.co.jp : around 300ms Cached entries are returned in less than 1ms. Ionel -----Message d'origine----- De : Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Envoyé : vendredi 6 juin 2008 21:05 À : GARDAIS Ionel Cc : Squid Users Objet : Re: performances ... again On fre, 2008-06-06 at 14:37 +0200, Ionel GARDAIS wrote: > I got a user (whom I can trust) who uses an explicit proxy configuration > : there are no improvments. Ok. Then it's at the proxy, or the DNS servers it uses. Remember that to diagnose DNS slowness you need to query for hosts and domains which has not yet been visited, as the DNS server also caches a lot. Lookups of already visited domains/hosts is not valid as proof to say that the DNS is fine.. > I tried to avoid use of calls which cause DNS lookups (hence the > host.match() and host.indexOf() ). Good. Regards Henrik