Sorry for the noise, I was able to find the cause: we use "dstdomain"
ACLs and Squid does reverse lookups.
It seems that Cloudflare DNS servers do not respond to PTR requests, and
since Squid has the default "dns_timeout" value to 30 seconds...:
$ host www.wireshark.org
www.wireshark.org has address 104.25.219.21
www.wireshark.org has address 104.25.218.21
www.wireshark.org has IPv6 address 2400:cb00:2048:1::6819:da15
www.wireshark.org has IPv6 address 2400:cb00:2048:1::6819:db15
$ host 104.25.219.21
Host 21.219.25.104.in-addr.arpa not found: 2(SERVFAIL)
$ dig @arin.authdns.ripe.net. in ns 21.219.25.104.in-addr.arpa.
[...]
;; AUTHORITY SECTION:
25.104.in-addr.arpa. 86400 IN NS ns1.cloudflare.com.
25.104.in-addr.arpa. 86400 IN NS ns2.cloudflare.com.
$ dig @ns1.cloudflare.com. in ptr 21.219.25.104.in-addr.arpa.
[...]
;; connection timed out; no servers could be reached
Best regards,
Christophe
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users