Unfortunately I couldn't find any directives in squid.conf relating to any dns matter. But I have an idea why squid has to set up a nslookup: We use also ip addresses with acls for destinations. So if squid receives an URL name it has to get it resolved first in order to be able to check it against the ip address acl. So probably we can only do without nslookup if we don't use any ip addresses. Does anyone know that? Thanks ----- Ursprüngliche Mail ---- Von: Amos Jeffries <squid3@xxxxxxxxxxxxx> An: squid-users@xxxxxxxxxxxxxxx Gesendet: Donnerstag, den 28. April 2011, 16:21:40 Uhr Betreff: Re: AW: Does any cache in a proxy chain but the last one need to resolve URLs? On 29/04/11 01:56, Jannis Kafkoulas wrote: > Of cource Eliezer, thanks a lot! > > > Yes, of course, I mean dns lookup by resolve. > > (It has been set up by an external company) > > The chain is very simple, just one after the other: > > clients (FF) ---> Squid1 (LAN) ----> Squid2 (somewhere in between) ---> >Squid3 > (at the Internet) > > This chain is being used by the users when accessing the Internet. > It's the same behaviour for any possible URL. > I took just a rare one so I could find it easily in the tcpdump output. > I just checked the squid1 and squid 3 (squid 2 same as squid1). > Squid one contacts the internal dns server which forwards to the root servers. > But the dns answer to the query is not given to the next proxy in the chain, so > it's then useless. > The squid 3 accesses the dns root servers directly and then it forwards the >http > request to the final server. > > The problem might be that the squid 1 also is being used for internal "direct > access", i.e without a parent. > > My question is now, is it possible for the squid to decide when to use a dns > lookup? Yes. DNS "should" not be needed until the stage of setting up the DIRECT TCP connection. It sounds like squid1 has some ACLs or such which are testing DNS things about the request. Find and avoid those and DNS will go away on the chained requests. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
