On 15/04/2015 1:34 a.m., Baird, Josh wrote: > Hi, > > We recently started having problems where our Squid 2.6 (squid-2.6.STABLE21-6.el5) proxy servers would stop serving requests. In my cache.log, I see many of these: > > 2015/04/14 01:13:45| Failure Ratio at 26.15 > 2015/04/14 01:13:45| Going into hit-only-mode for 5 minutes... > 2015/04/14 01:18:46| Failure Ratio at 3.55 > 2015/04/14 01:18:46| Going into hit-only-mode for 5 minutes... > 2015/04/14 01:23:46| Failure Ratio at 1.02 > 2015/04/14 01:23:46| Going into hit-only-mode for 5 minutes... > ... > 2015/04/14 06:50:58| idnsSendQuery: Can't send query, no DNS socket! > 2015/04/14 06:50:58| idnsSendQuery: Can't send query, no DNS socket! > 2015/04/14 06:50:58| idnsSendQuery: Can't send query, no DNS socket! > 2015/04/14 06:50:58| idnsSendQuery: Can't send query, no DNS socket! > > I suspect this is the problem - the proxy is running out of DNS sockets. I have already determined that there are not problems with the DNS servers that these proxies are using (in their /etc/resolv.conf). Could this be caused by a bad user chewing up DNS sockets/children with invalid URL requests? > The older the proxy the more ways there are to perform Denial of Service by consuming all the port and sockets on the *entire* server Squid runs on. Probably one of those happening to you. > The "going into hit-only-mode" errors appear to be ICP related? In this case, I believe we have ICP completely disabled: > > # icp_access allow allowed_src_hosts > # icp_access deny all_src You would be wrong. This is how to disable ICP receiving: icp_port 0 On the senders you change the cache_peer lines to set the icp-port parameter (the second port number) to 0. > > Could anyone offer any suggestions or advice to help figure out what is causing these problems? 1) upgrade. 2) seriously, upgrade. 3) try adding "via on" to your squid.conf. If you start to get warnings about forwarding loops its working. Otherwise you got big problems - see (2). Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
