On 02/05/2011 12:32, Jannis Kafkoulas wrote:
Thanks for the hint!
I'll check it too.
I think, we should also replace the ip dsts within all of the intermediate
caches by domain names
thus saving all of the unnecessary dns lookups (about 80% --> Internet).
i dont know about the amount of traffic and your system size but if you
will make statistics (and it can be done)
about your dns traffic you will might find that it's not as much as you
think (can be good or bad).
you can force squid to cache dns lookups for longer time but you better
not try it unless your users have usage of
a almost non changing dns -> ip.
most of the dynamic sites like google search have pretty stable and
static ip\dns but there are many distant sites that
will use 24 + dynamic ip's every day.
so if it's not this specific case and your network doesnt have a
connection with such dynamic domains i think you can increase
the dns cache leases\ttl\timeout\validation on squid or you dns caching
server.
it will be much more efficient in many cases rather using
unreadable\understanble acls\rules.
Regards
Eliezer
Yes, we have a local caching dns.
----- Ursprüngliche Mail ----
Von: Eliezer Croitoru<eliezer@xxxxxxxxxxxxxxxxxx>
An: squid-users@xxxxxxxxxxxxxxx
Gesendet: Samstag, den 30. April 2011, 12:39:56 Uhr
Betreff: Re: AW: AW: AW: Does any cache in a proxy chain but the
last one need to resolve URLs?
On 30/04/2011 11:58, Jannis Kafkoulas wrote:
OK, I see!
Thanks very much!
dont you have a local caching dns?
if you dont it's one of the basics recommendations.
and another good thing is to change the udp and tcp times on the linux
kernel\sysctl.
i dont remember the basic TCP settings for close_wait and others but they are
way too much for any usage i know.
also the udp ones are way to high for dns and other services and a faster
network then a 5 MB.
Eliezer
