Well, whichever route you decide to use, Squid in general is _very_ DNS dependant, so you need to make sure it can access DNS somehow without any delay or timeouts. Everyone's situation may differ, even from site to site (branch office to office) within the same company. Basically, you just need to use BIND's DNS tools to try and figure out where the problems lie, like whether there is a broken DNS server somewhere that you are referencing. >>> <childrenofchaos@xxxxxxxxxx> 4/13/2011 4:40 PM >>> Hey, currently itÂs configured as: forward to ISP DNS and many more free dns server like google (8.8.8.8). Before i setup an own dns (bind) i used only dns proxy: iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 192.168.0.1:53 and the same with the tcp protokoll. (192.168.0.1 = Router with pppoe connect and dynamic dns "push" from isp) than, as the issues occour i setup the bind dns, and now i think the problems occour much more as before. The strange thing is, setup runs for a long time without any problems oO thanks > -----UrsprÃngliche Nachricht----- > Von: Chad Naugle > Gesendet: Mi. 13.04.11 (22:31) > An: childrenofchaos@xxxxxxxxxx > Kopie: squid-users@xxxxxxxxxxxxxxx > Betreff: RE: Re: Squid 2.7 + SquidGuard + Squidclamav > > Does your "internal" DNS configuration use the root method, or does > it > forward to your ISP's DNS? I've noticed strange behavior (Notably > DNS > timeouts) recently with using the "root method" at one of my branch > offices, and had to ditch it for the ISP "forwarders" ... In my > case, > it seemed to have something to do with IPv6 results from the root > servers, and it was causing BIND to timeout, but the second query of > the > same website came back instantly. > > >>> 4/13/2011 4:21 PM >>> > hey, > > i did that already :( > and now i get the same error on my on squid maschine > canÂt see anything in the logfiles > > > -----UrsprÃngliche Nachricht----- > > Von: Chad Naugle > > Gesendet: Mi. 13.04.11 (22:03) > > An: childrenofchaos@xxxxxxxxxx, squid-users@xxxxxxxxxxxxxxx > > Betreff: Re: Squid 2.7 + SquidGuard + Squidclamav > > > > Personally, I would setup a caching-only instance of BIND on the > > proxy, > > and using that for DNS, or using your "internal" DNS system on your > > network, rather than depending on an outside source for all of your > > DNS. > > > > >>> 4/13/2011 3:06 PM >>> > > Hey, > > > > The configuration listet above, runs longer 1 year without an > probs. > > Now we get the Squid Message: Timeout - DNS Error. > > > > first step i tried: dig google.de from the squid maschine. No > probs. > > i saw in the cache.log that all url_rewrite_children are busy, so i > > screwd em up from 8 to 16. > > > > Okey one Day later: DNS Error, and at this Time, no prob with the > > url_rewrite_children. > > now i added some dns Server and the google dns Server (8.8.8.8) > which > > should be up, and what i recieved today :/ > > dns Error. > > After squid restart all works fine, no probles comes up in the logs > > (in > > all logs) but after a day, the messaged blow up again. > > > > now i added dns_nameserver in the squid.conf but no idea any more? > > > > thanks for spending time on this. > > > > > > > > > > --- > > freenetMail - Der zuverlÃssige E-Mail-Dienst von freenet.de > > Jetzt > > http://mail.freenet.de/produkte/basic/index.html?pid=10111947018 > > mit 1 GB Speicher und Profi-Spamschutz sichern! > > > > > > Travel Impressions made the following annotations > > ------------------------------------------------------------- > > "This message and any attachments are solely for the intended > > recipient > > and may contain confidential or privileged information. If you are > > not > > the intended recipient, any disclosure, copying, use, or > distribution > > of > > the information included in this message and any attachments is > > prohibited. If you have received this communication in error, > please > > notify us by reply e-mail and immediately and permanently delete > this > > message and any attachments. > > Thank you." > > > > > > -----UrsprÃngliche Nachricht Ende----- > > > > > --- > freenetMail - Der zuverlÃssige E-Mail-Dienst von freenet.de > Jetzt > http://mail.freenet.de/produkte/basic/index.html?pid=10111947018 > mit 1 GB Speicher und Profi-Spamschutz sichern! > > > Travel Impressions made the following annotations > ------------------------------------------------------------- > "This message and any attachments are solely for the intended > recipient > and may contain confidential or privileged information. If you are > not > the intended recipient, any disclosure, copying, use, or distribution > of > the information included in this message and any attachments is > prohibited. If you have received this communication in error, please > notify us by reply e-mail and immediately and permanently delete this > message and any attachments. > Thank you." > > > -----UrsprÃngliche Nachricht Ende----- --- freenetMail - Der zuverlÃssige E-Mail-Dienst von freenet.de Jetzt http://mail.freenet.de/produkte/basic/index.html?pid=10111947018 mit 1 GB Speicher und Profi-Spamschutz sichern! Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
