On 19/08/2017 at 22:08, Eliezer Croitoru wrote:
> Hey Emmanuel,
>
> Something is not clear to me.
> Are you using url_rewrite or store_id helpers in any form?
No
> Also what DNS lookups squid does exactly?
> - Reverse
> - Forward
Mostly forward
>
> Also:
> - internal clients
> - external domains
External domains.

For the record, below is the original report, and the reply of Amos:

> Hello,
>
> I'm in a context where I have a lot of Squid installation without direct
> internet access.
> All queries are forwarded to an Internet connected peer.
>
> Recently, I migrate my old 2.x Squid to 3.x and take responsibility for
> some other 3.x existing installations.
> - my Debian based Squid 3.4.8 start doing DNS request for each requested
> domain
> - Ubuntu 14.04 based Squid 3.3.8 behave the same
> - Ubuntu 16.04 based Squid 3.5.12 behave the same
> The internal DNS setup is completely private with its own hierarchy and
> with no Internet link/relation.
> Internet "like" request are banned on this infrastructure and could
> raise alarms.
>
> On the Ubuntu installations, the problem was worked around with a local
> nsd daemon responsible to answer "nxdomain" to all requests.
>
> All was carefully checked and nothing in my configuration (acl etc ...)
> explain why Squid insist to do DNS requests for requests forwarded to
> the peer(s).
>
> I was able to reproduce the "bug" with all squid versions up to 3.5.23
> with this minimalist config test file:
> ----------------------------
> http_access allow all
>
> http_port 3128
> cache_peer 10.xx.xx.xx parent 8000 0 default no-query no-digest
> login=login:password
> never_direct allow all
>
> cache_mem 256 MB
> maximum_object_size_in_memory 16384 KB
> cache_dir aufs /var/spool/squid3 100000 32 256
> maximum_object_size 400 MB
> access_log stdio:/var/log/squid/access.log squid
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> quick_abort_pct 55
> read_ahead_gap 128 KB
> hosts_file none
> coredump_dir /var/spool/squid3
>
> #bug #4575
> url_rewrite_extras XXX
> store_id_extras XXX
> ------------------------------------
>
> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
> work around (I switched directly from 3.5.12 to 3.5.19 so I don't know
> when the behavior changed):
> Instead of installing a fake local DNS server and using
> dns_nameservers 127.0.0.1
> I could use
> dns_nameservers none
> Squid warn about non usable DNS and proceed normally. Before (tested
> with 3.5.12 and lower) Squid hang.
>
> So, I am missing something ? Is it a known problem ?
> With the work around, things work but I could not logs things based on
> Internal DNS for the client side, and this is something that was working
> in the old 2.x versions.
> Should I open a bug report ?
>
> Thank you,
> Emmanuel.

> On 24/01/2017 3:58 a.m., FUSTE Emmanuel wrote:
>> All was carefully checked and nothing in my configuration (acl etc ...)
>> explain why Squid insist to do DNS requests for requests forwarded to
>> the peer(s).
>>
> <snip>
>> #bug #4575
>> url_rewrite_extras XXX
>> store_id_extras XXX
> I don't think that workaround is working.
>
>> ------------------------------------
>>
>> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
>> work around (I switched directly from 3.5.12 to 3.5.19 so I don't know
>> when the behavior changed):
>> Instead of installing a fake local DNS server and using
>> dns_nameservers 127.0.0.1
>> I could use
>> dns_nameservers none
>> Squid warn about non usable DNS and proceed normally. Before (tested
>> with 3.5.12 and lower) Squid hang.
>>
> nice.
>
> I'm pretty sure this is still bug 4575. I've added a comment there to
> mention how the workaround is broken, and your improved one.
>
> Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
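
A configuration check for the situation reported in this thread, added here as an example and not taken from the messages above or from Squid itself: it reads squid.conf text and reports which DNS behaviour the report associates with it. The function names, finding codes and the reduced sample config are constructed; the version thresholds are the ones stated in the report (3.5.12 and lower hang with `dns_nameservers none`, 3.5.19/23 proceed).

```python
# Added example: audit squid.conf text for the DNS behaviour reported in this thread.
# parse_directives(), audit() and the finding codes are illustrative names, not Squid's.

SAMPLE = """\
# constructed sample, reduced from the config in the report
http_access allow all
http_port 3128
cache_peer 10.xx.xx.xx parent 8000 0 default no-query no-digest
never_direct allow all
hosts_file none
"""

def parse_directives(conf_text):
    """Map directive name -> list of argument lists; whole-line '#' comments are skipped."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit(conf_text, version):
    """Return finding codes for a Squid of the given (major, minor, patch) version."""
    d = parse_directives(conf_text)
    has_parent = any(len(a) > 1 and a[1] == "parent" for a in d.get("cache_peer", []))
    if not (has_parent and ["allow", "all"] in d.get("never_direct", [])):
        return ["not-peer-only"]          # outside the scenario discussed in the thread
    servers = [s for args in d.get("dns_nameservers", []) for s in args]
    if not servers:
        # No dns_nameservers: Squid uses the system resolvers, so the reported
        # per-domain lookups reach the internal DNS.
        return ["resolver-from-system"]
    if servers == ["none"]:
        if version <= (3, 5, 12):
            return ["none-reported-to-hang"]   # "tested with 3.5.12 and lower"
        if version < (3, 5, 19):
            return ["none-untested"]           # report does not say when it changed
        return ["none-workaround-ok"]          # reported working on 3.5.19/23
    if all(s.startswith("127.") or s == "::1" for s in servers):
        return ["local-sinkhole-required"]     # the nsd-style NXDOMAIN workaround
    return ["queries-sent-to:" + ",".join(servers)]

if __name__ == "__main__":
    for ver in [(3, 5, 12), (3, 5, 23)]:
        print(ver, audit(SAMPLE + "dns_nameservers none\n", ver))
```
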