Search squid archive

Re: Strange delays (30 seconds) with TLS connections in WCCP/Transparent mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry for the noise, I was able to find the cause: we use "dstdomain" ACLs and Squid does reverse lookups.

It seems that Cloudflare DNS servers do not respond to PTR requests, and since Squid has the default "dns_timeout" value to 30 seconds...:

$ host www.wireshark.org
www.wireshark.org has address 104.25.219.21
www.wireshark.org has address 104.25.218.21
www.wireshark.org has IPv6 address 2400:cb00:2048:1::6819:da15
www.wireshark.org has IPv6 address 2400:cb00:2048:1::6819:db15

$ host 104.25.219.21
Host 21.219.25.104.in-addr.arpa not found: 2(SERVFAIL)

$ dig @arin.authdns.ripe.net. in ns 21.219.25.104.in-addr.arpa.
[...]
;; AUTHORITY SECTION:
25.104.in-addr.arpa.    86400    IN    NS ns1.cloudflare.com.
25.104.in-addr.arpa.    86400    IN    NS ns2.cloudflare.com.

$ dig @ns1.cloudflare.com. in ptr 21.219.25.104.in-addr.arpa.
[...]
;; connection timed out; no servers could be reached

Best regards,

Christophe

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux