Thanks for the explanation Amos, However, does this domain work for you? I tried on various network and none returns anything beside NXDOMAIN. I think it it just some weird webpage that has outdated reference. Knowing squid didn't block or retrying is reassuring, however can you help to decipher this message? 2012/09/16 19:22:06 kid1| Failed to select source for '[null_entry]' 2012/09/16 19:22:06 kid1| always_direct = 1 2012/09/16 19:22:06 kid1| never_direct = 0 2012/09/16 19:22:06 kid1| timedout = 0 Cheers. On Sun, Sep 16, 2012 at 7:16 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 17/09/2012 12:52 p.m., 叶雨飞 wrote: >> >> Using squid 3.2 and I frequently see such problem: >> >> 2012/09/16 17:49:02 kid1| Failed to select source for >> >> 'http://www.googleads.g.doubleclick.net/pagead/viewthroughconversion/1033191019/?value=0&label=LDO7CJ2XvwMQ6_zU7AM&guid=ON&script=0' >> 2012/09/16 17:49:02 kid1| always_direct = 1 >> 2012/09/16 17:49:02 kid1| never_direct = 0 >> 2012/09/16 17:49:02 kid1| timedout = 0 >> >> Note that this is actually an NXDOMAIN error , > > > No this is an "Failed to select source" error. Squid is unable to locate > *any* source for the request to be fetched from. DNS lookup (DIRECT request) > is only one of several types of sources Squid is trying to locate. > > The fact that you configured always_direct to be '1' (ALLOW) and NXDOMAIN > occured when doing so is a separate error which caused this "Failed to > select source". > > > >> however I would like to >> make squid not retry and fail fast and don't print these out, what >> config directive do I need? > > > What you describe wanting to happen is what Squid is already doing... > > ... Squid Receives an HTTP request. > ... Looks up destination sources where it can be retrieved (cache, peers, > DNS records). > ... None found. > ... Print that message to your log (at IMPORTANT messages level) > ... Send NXDOMAIN error page back to the client (since it is the most > specific problem of the two). > > Things to note: > * Retry is not happening. There are ZERO destinations which can be tried to > start with, so nothing to *re*-try. > > * Fast failure is dependent on how fast the DNS response comes back. > > * To not print them out you set the debug_options level to ALL,0 (critical > only messages). > > > BTW you need to fix your DNS service, Google is a major service. It is > doubtful their DNS is returning NXDOMAIN for that query. > Use dstdomain ACL in Squid to block requests if you are trying to blacklist > it as an advertising source. > > Amos >
