On 18/07/2016 12:21 p.m., B. Henry wrote:
> Here's what I have in my working squid.conf related to dns.
> Note that the dns children entry is commented out as when I try and use any value this breaks things and I can't use the server at all.
>
> positive_dns_ttl 3 hours
>

Best Practice for DNS is servers should use a TTL of 24hrs. Squid default is already reducing that to 6hrs.

>
> #dns_children 7
>

That setting requires that you have built Squid to use a custom DNS plugin instead of doing DNS the normal way. If you have the default Ubuntu package like I suspect you do, then Squid is built to use DNS the normal way.

> dns_timeout 90 seconds
>
> #dns_nameser 208.67.222.2224.2.2.4
>

Two problems with this one:

* "dns_nameser" is not an existing directive.
* "208.67.222.2224.2.2.4" is not an IP address, despite the dots.

Note that if you *don't* list the dns_nameservers directive, then your machine's normal /etc/resolv.conf settings are used by Squid instead of any other DNS settings you might have.

Using /etc/resolv.conf is really the best way to go as it allows your network's auto-configuration to set up Squid properly with whatever the local DNS systems are supposed to be using.

> This is squid 3.1.19 on ubuntu 12.04 64bit server. It's an openvz vps, not baremetal if that counts for anything.
>
> it uses two other google dns servers actually, so I defined the proxy to use an opendns and one google dns server, same ones I usually use on my local
> hardware.

Best Practice is to set up a local DNS recursive resolver, so all your systems can use it. That resolver can use the Google, Open DNS resolvers if you want. This ensures that regardless of where the results came from they are consistent across your network. That consistency becomes a critical need if you do interception with Squid.

Amos
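A small lint for the two mistakes pointed out in the reply above (a misspelled directive name and a value that is not an IP address), as an added example that is not part of the original thread or of Squid itself. The directive list is limited to the names that appear in this thread, the function name `lint` is hypothetical, and the sample input is constructed from the poster's lines with the comment markers removed.

```python
import difflib
import ipaddress

# Assumption: only the directive names that appear in this thread,
# not Squid's full set of DNS options.
KNOWN = ["dns_children", "dns_nameservers", "dns_timeout", "positive_dns_ttl"]

# Constructed sample: the poster's lines with the comment markers removed,
# plus one constructed dns_nameservers line (192.0.2.53 is a documentation address).
SAMPLE = """\
positive_dns_ttl 3 hours
dns_children 7
dns_timeout 90 seconds
dns_nameser 208.67.222.2224.2.2.4
dns_nameservers 192.0.2.53 not-an-ip
"""

def lint(conf_text):
    """Return a list of (line_number, message) for DNS lines in squid.conf text."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        name, args = fields[0], fields[1:]
        if not (name.startswith("dns_") or name.endswith("_dns_ttl")):
            continue  # not a DNS directive, out of scope here
        effective = name
        if name not in KNOWN:
            # A near-miss name is still checked as the directive it resembles.
            guess = difflib.get_close_matches(name, KNOWN, n=1)
            effective = guess[0] if guess else None
            hint = f" (closest known name: {effective})" if guess else ""
            findings.append((no, f"unknown directive '{name}'{hint}"))
        if effective == "dns_children":
            findings.append((no, "dns_children needs a Squid build that uses a custom DNS plugin"))
        if effective == "dns_nameservers":
            for value in args:
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    findings.append((no, f"'{value}' is not an IP address"))
    return findings

if __name__ == "__main__":
    for no, message in lint(SAMPLE):
        print(f"line {no}: {message}")
```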