On 27/10/11 18:25, Amos Jeffries wrote:
On 27/10/11 18:07, Brett Lymn wrote:
On Thu, Oct 27, 2011 at 03:28:49PM +1030, Brett Lymn wrote:
I'm still very suspicious that it is making use of HTTP/1.1 features
badly. The difference between 2.x and 3.1 is that 2.x advertise
HTTP/1.0
to the server and passes the result back as HTTP/1.0 to the browser.
But
3.1 advertises HTTP/1.1 abilities to the server and passes it back to
the client browser with HTTP/1.0, most features are passed straight
through, but some are down-mapped to HTTP/1.0 (chunked encoding and
100-continue responses are stripped).
Sorry, just another relevant point, the squid 3.1.15 machines don't have
direct access to the internet, they are using a squid 2.7 stable 6 as a
parent proxy - so, if I understand things correctly, http/1.1 features
shouldn't be being seen by the external site?
Aha. Yes, correct.
Start thinking straight. If the requests are goint to a parent proxy
there is no normal reason for the 3.1 proxy to be doing DNS anyways. The
DNS problems would be from the 2.7 machine.
(unless you have configured the 3.1 in such a way that it need to
perform DNS checks to verify something).
Which only leaves the DNS thing.
I get these results:
time host -t AAAA www.my.commbank.com.au
;; connection timed out; no servers could be reached
real 0m14.276s
user 0m0.000s
sys 0m0.000s
time host -t A www.my.commbank.com.au
www.my.commbank.com.au has address 140.168.70.21
real 0m0.034s
user 0m0.000s
sys 0m0.020s
Squid-3.1 has 30-60 second DNS lookup timeout.
Sorry, worst case is a 30 second to 4 minute timeout once 2.7 timeout +
3.1 timeout are added.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.16
Beta testers wanted for 3.2.0.13
