Hi All, During analysing DNS traffic from 22 2.6.STABLE21 Squids I have noticed that there is a substantial number of queries where Squids try to resolve hostname of its peers. All of the boxes run as independent servers, without shared cache. My question is why they need IP of others Squids, and where did they get hostname of them? Servers run only Squid daemon, so there isn't any www or any other extra service on them. We use Cisco ACE hardware load balancer, where all of the Squids are represented by 1 IP. I am attaching below sample of squid.conf: http_port x.x.x.x:3128 http_port 127.0.0.1:3128 visible_hostname proxy.xxx.uk.com cache_mgr xxx@xxxxxxxxx hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY #----Cache Parameters---- cache_dir aufs /cache/disk1 56000 16 256 cache_mem 512 MB cache_swap_low 93 cache_swap_high 95 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF maximum_object_size 20 MB minimum_object_size 0 KB maximum_object_size_in_memory 48 KB store_avg_object_size 32 KB memory_pools off log_icp_queries off max_filedesc 16384 #----DNS Parameters---- hosts_file /etc/hosts dns_nameservers x.x.x.x y.y.y.y z.z.z.z ipcache_size 250000 fqdncache_size 4096 ipcache_low 90 ipcache_high 95 positive_dns_ttl 6 hours negative_dns_ttl 30 minutes #----Logging Parameters---- cache_log /var/log/squid/cache.log cache_store_log none cache_access_log none debug_options ALL,1 5,2 59,2 63,2 77,2 error_directory /usr/share/squid/errors/English #----Rewriter/Redirector Parameters--- #url_rewrite_program /usr/local/netsweeper/bin/redir -f http://x.x.x.x:8080/webadmin/deny/unavail.php -P3429 x.x.x.x url_rewrite_program /usr/local/netsweeper/bin/pcf_redir.pl url_rewrite_children 128 #----Authentication Parameters---- # Setup Proxy Authentication (default disabled) # auth_param basic program /usr/local/netsweeper/auth/radius_attr example.radius.svr:1812 secret auth_param basic children 5 auth_param basic realm NetSweeper Authentication Required auth_param basic credentialsttl 2 hours #----Connection Time Out Parameters---- shutdown_lifetime 30 seconds half_closed_clients off quick_abort_min 0 KB quick_abort_max 0 KB negative_ttl 30 minutes #----Global ACLs---- #------- we don't have any of Squids IPs/names in any of ACLs --------# .... .. .. Regards Dariusz ---------------------------------------------------------------------------------------------------------- Synetrix Holdings Limited Tel: +44 (0)1252 405 600 www.synetrix.co.uk Synetrix (Holdings) Limited is a limited company registered in England and Wales. Registered number: 0349 1956. VAT number: GB776 1259 07. Registered office: Synetrix (Holdings) Ltd, 17-19 Rochester Row, London, SW1P 1QT. IMPORTANT NOTICE: This message is intended solely for the use of the Individual or organisation to whom it is addressed. It may contain privileged or confidential information. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the contents of this message. All information or opinions expressed in this message and/or any attachments are those of the author and are not necessarily those of Synetrix Holdings Limited. Synetrix Holdings Limited accepts no responsibility for loss or damage arising from its use, including damage from virus.
