On 2016-11-22 21:07, Jiann-Ming Su wrote:
Is there a way to set the timeout on a bad connection?
Yes, you can use 'connect_timeout' [1] directive.
When watching tcpdump on the two IPs, I did not see my squid instance try the other IP automatically. I had to refresh my web browser connection multiple times. This also indicates some DNS caching persistence. Are there other DNS settings that can improve this behavior?
I believe Squid is configured for interception in your environment. In this case DNS resolution is performed on a client side and Squid uses resolved by the client destination IP address to connect to origin. In interception mode, Squid performs DNS resolution just to prevent Host forgery attack [2].
If you configure the clients explicitly, Squid will mark bad IP addresses and will avoid their use. It this case, you can use 'squidclient mgr:ipcache' [3] to monitor resolved by Squid IP addresses and their status.
[1] http://www.squid-cache.org/Doc/config/connect_timeout/ [2] http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery [3] http://wiki.squid-cache.org/Features/CacheManager/IpCache Garri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
