
Re: Squid proxy without name resolution for internet addresses behind parent proxy


On 30/04/17 18:50, Eliezer Croitoru wrote:
Can you try to add the next to your squid.conf:
dns_v4_first on

and see if it helps?

Eliezer

* http://www.squid-cache.org/Doc/config/dns_v4_first/

Just to clarify: if that solves your problem then you need to fix IPv6 handling in your network. Squid-2 is IPv4-only, and a Squid-3 trying to connect to it on a properly working IPv6-enabled network should fail over very fast to the parent's IPv4 address(es). Any delay caused by IPv6 in that process indicates ICMP/ICMPv6 failures - usually in the path-MTU discovery or tunnel MSS settings.


In addition to that test - make sure the child proxy has:

 nonhierarchical_direct off

That will ensure that CONNECT/PUT/POST etc traffic is sent through the parent proxy and never tries to resolve.

You can also check that host_verify_strict is *not* in your child squid.conf. If that is set to "on" it will force Squid to resolve to do the verify checks. Likewise Squid-3 will need to resolve public names if it ever receives intercepted traffic, but thankfully your setup seems to be avoiding that.


Assuming your local servers are using .local as the internal domain. If not, make this whatever your internal TLD is:

 acl local dstdomain .local
 never_direct allow !local


The cache_peer name to the parent can be a hostname instead of an internal IP, but does need to be the internal name in this network. That will simplify management and also make the Squid-3 ready to cope with IPv6 parents when your network migrates to that.

Not having dns_nameservers configured means Squid is using the machine's system-wide DNS settings. Those do need to be set somehow, since at the very least Squid needs to resolve names for the parent proxies and any internal traffic that happens to get to it. I would make sure that has the internal DNS server details there to handle that lookup traffic.


If the problem remains after all that, tracking down what exactly the timeout value is would be helpful. The various things that can hang have different timeouts. And worst case a debug log with ALL,6 might be needed to find the exact cause of delay, but be aware that could be a huge log.


HTH
Amos
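
The settings named in the message above, gathered into one check over a child proxy's squid.conf. This is an added example, not part of the original post and not Squid project code; both sample configurations, the host name `parent-proxy.local` and the address `192.0.2.53` are constructed placeholders, and the script assumes the last occurrence of an on/off directive wins.

```python
# Added example: check a child-proxy squid.conf for the settings named in the post.
# Both sample configs are constructed; host names and the DNS address are placeholders.
WEAK_CONF = """\
cache_peer parent-proxy.local parent 3128 0 no-query default
host_verify_strict on
"""
FIXED_CONF = """\
cache_peer parent-proxy.local parent 3128 0 no-query default
nonhierarchical_direct off
acl local dstdomain .local
never_direct allow !local
dns_nameservers 192.0.2.53
"""

def parse_directives(text):
    """Return [(name, [args])] for every non-blank, non-comment line."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            rows.append((name, args))
    return rows

def last_value(rows, name, default):
    """Value of an on/off directive; assumes the last occurrence wins."""
    vals = [args[0].lower() for n, args in rows if n == name and args]
    return vals[-1] if vals else default

def audit(text):
    rows = parse_directives(text)
    findings = []
    if not any(n == "cache_peer" and args[1:2] == ["parent"] for n, args in rows):
        findings.append("no cache_peer of type parent")
    # Squid's documented default is "on", so a missing line is also a finding.
    if last_value(rows, "nonhierarchical_direct", "on") != "off":
        findings.append("nonhierarchical_direct is not off")
    if last_value(rows, "host_verify_strict", "off") == "on":
        findings.append("host_verify_strict is on")
    if not any(n == "never_direct" and args[:1] == ["allow"] for n, args in rows):
        findings.append("no never_direct allow rule")
    if not any(n == "dns_nameservers" for n, _ in rows):
        findings.append("note: dns_nameservers unset, system resolver in use")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "ok")
```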
