Stefan Baur wrote:
Hi list,
I'm not sure if this is a squid issue - probably not - but since the FAQ
mentions proxy autoconfiguration files in quite some detail, I'm hoping
that the folks that came up with the examples in the FAQ are reading
along and might provide some insight on my issue, or maybe even a solution.
I'm using Iceweasel (Debian Lenny's rebranded Firefox) 3.0.6-3,
Squid 2.7.STABLE3-4.1lenny1, and the following proxy autoconfiguration
file:
function FindProxyForURL(url, host) {
if (
isPlainHostName(host) ||
isInNet(host, "192.168.0.0", "255.255.0.0") ||
isInNet(host, "172.16.0.0", "255.240.0.0") ||
isInNet(host, "10.0.0.0", "255.0.0.0")
)
{
return "DIRECT";
// This excludes plain host names
// (WINS, non-FQDNs) as well as the IP ranges
// 192.168.0.0-192.168.255.255,
// 172.16.0.0-172.31.255.255 and
// 10.0.0.0-10.255.255.255
// from the proxy service
// (needed as the proxy is in the DMZ
// and can't fetch pages from internal
// addresses)
} else {
return "PROXY proxy.ip.here:8080;DIRECT";
// Everything else should go through the proxy
}
}
What happens is that as soon as an URL with a non-existent DNS name is
entered, the browser locks up for almost 90 seconds before it displays
Squid's DNS error message (ERR_DNS_FAIL).
I tried changing
return "PROXY proxy.ip.here:8080;DIRECT";
to
return "PROXY proxy.ip.here:8080";
as I thought it might freeze until it gets some sort of time out in the
"DIRECT" part.
That wasn't the case, though.
I also tried removing the isPlainHostName part, in case it would do some
sort of lookup that causes the delay, but that didn't help, either.
(I closed the browser between those attempts, so it wouldn't cache the
old config file somewhere.)
However, when I don't use the autoconfiguration file, but rather enter
the data directly in Iceweasel's proxy configuration screen
(Edit/Preferences/Advanced/Network/Connection: Settings), the
ERR_DNS_FAIL page upon hitting an invalid DNS name shows up instantly.
The Wiki/FAQ at
<http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Partially_Automatic_Configuration>
suggests using
if (!isResolvable(host))
return "DIRECT";
This probably won't work in my case, as none of my clients have access
to the "real" DNS (the DNS server they know only resolves internal
names, and that is intentional), so they'd always try to avoid the proxy
as they can't resolve any host name.
Yes.
Also, working the opposite way, as in this example from
<http://docs.sun.com/app/docs/doc/820-1652/adysm?a=view>,
function FindProxyForURL(url, host)
{
if (isPlainhost name(host) ||
isResolvable(host))
return "DIRECT";
else
return "PROXY proxy.ip.here:8080";
}
it still shows the freeze/lockup issue.
Any suggestions on how I can use an autoconfiguration file and still get
timely ERR_DNS_FAIL replies?
With your stated environment where clients cannot resolve non-local
domains I'd go for just:
{
if (isResolvable(host))
return "DIRECT";
else
return "PROXY proxy.ip.here:8080";
}
That way the local domains (which are resolvable) get used directly. And
everything else is up to whether the proxy can resolve it or not.
If you still hit lockup with the above, I'd then look at how long the
local DNS resolver is taking to reject non-resolvable requests. If its
just dropping them the client will fallback to a full DNS timeout
(somewhere between 30 seconds and five minutes) before even attempting
the proxy.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
Current Beta Squid 3.1.0.17
