ons 2010-03-10 klockan 21:18 +0100 skrev Stefan Baur: > > Do the local DNS used by the client promptly reject non-local names? > Yes it does, that's why the browser's behavior surprised me. With what kind of response? dig www.example.com > Entering the Proxy data directly instead of using the pac file makes the > browser return the error page immediately, so the DNS server isn't the > culprit. That config does not ever use DNS, just the proxy. > Also, granting the client DNS (same DNS server, only now supplying > external DNS data as well) and direct web access via the router/firewall > makes the browser respond immediately, too. As expected. My query was how the DNS server reacts on non-local queries when the client is not authorized ot get external DNS data. None of the above tests that.. > I also tried to reproduce the issue with wget, not using a pac file (not > sure if wget would be able to parse one, anyway) but once with > http_proxy=... set and once with --no-proxy. > The response via the proxy was faster and returned a 504 Gateway Timeout > or something like that. Error response from wget without proxy setting should be pretty instant if your DNS is properly configured. > Locking up the entire browser for the time it takes to do three DNS > queries is simply not acceptable, though. Agreed. But in this case those DNS queries should just take a ms at most... all three together. > I think it's safe to say that neither the DNS server involved, nor squid > are at fault here - there seems to be some buggy code in the browser. could be. don't know. Regards Henrik