On 26/09/17 17:59, Eliezer Croitoru wrote:
Hey, how about using a local bind\unbound DNS server that has a forwarding zone defined only for the local domains? For me it's a bit hard to understand the root cause of the issue, but this is the best solution I can think of. If you need some help with bind\unbound DNS configurations just send me an email and I will try to help you with that.

-----Original Message-----
From: erdosain9

Hi. I'm trying to improve the DNS response because I'm having these times:

Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
Notice the name of the program above.
Sometimes much more time, sometimes it goes to avg service time: 560 msec...
That's not good, DNS should be much faster. But not related to the errors below.
Sorry for my ignorance... Is this Negotiate Authenticator for users? I mean, is this related to, for example, going to google.com, or is it just the time that the user (client PC) waits to be authenticated?
The report you quoted was for Negotiate authentication helpers. Only. The times there relate to how long it takes to login.
I think that is related to going to a web site (now I have my doubts). So I made a DNS with bind, and put that DNS in the squid config, and left the DNS from the AD in second place... but when I restart, this happened:
support_resolv.cc(289): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
Notice the name (above) of the program reporting these errors.
ERROR: Error while resolving service record _ldap._tcp.DOMAIN.LAN with res_search
support_resolv.cc(71): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: res_search: Unknown service record: _ldap._tcp.DOMAIN.LAN
support_resolv.cc(183): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: Error while resolving hostname with getaddrinfo: Name or service not known
support_sasl.cc(276): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server

So, this post is for two questions.
1- The thing about Negotiate Authenticator (what does that value represent?)
2- Can I improve things by making my own DNS (apart from the DNS from the domain)? (I prefer to make another DNS than to fix the DNS from the domain, because I don't manage that.)
These errors are missing records and servers not running (or not existing?). A different DNS server would only help with lag.
Thanks to all, and sorry for the ignorance, and my bad writing (I don't speak English)
Amos
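Added example (not part of the thread and not Squid's own code): a small parser for the helper log layout quoted above that groups errors by the program reporting them and by failure stage, so the first failing step (here the `_ldap._tcp` SRV lookup made by `kerberos_ldap_group`) stands out from the follow-on errors. The stage labels and the names `parse` and `triage` are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Layout of the helper lines quoted in the thread:
#   file.cc(line): pid=N :YYYY/MM/DD HH:MM:SS| program: LEVEL: message
LINE_RE = re.compile(
    r"^(?P<src>\S+\.cc)\((?P<lineno>\d+)\): pid=(?P<pid>\d+) :"
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| "
    r"(?P<prog>[\w.-]+): (?P<level>[A-Z]+): (?P<msg>.*)$")
# Stage names are this example's own labels (assumption), in dependency order.
STAGES = [("dns_srv", re.compile(r"service record|res_search")),
          ("dns_host", re.compile(r"getaddrinfo")),
          ("ldap_bind", re.compile(r"ldap_sasl_interactive_bind_s|binding to ldap"))]
SRV_RE = re.compile(r"\b(_[a-z0-9-]+\._(?:tcp|udp)\.[\w.-]+)", re.I)

def parse(line):
    """Split one helper line into fields; None if it is not in this layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["stage"] = next((n for n, rx in STAGES if rx.search(rec["msg"])), "other")
    srv = SRV_RE.search(rec["msg"])
    rec["srv"] = srv.group(1) if srv else None
    return rec

def triage(lines):
    """Count errors per helper and stage; record each process's first failure."""
    by_program, first_failure, srv_names = defaultdict(Counter), {}, set()
    for rec in (r for r in map(parse, lines) if r and r["level"] == "ERROR"):
        by_program[rec["prog"]][rec["stage"]] += 1
        first_failure.setdefault(f'{rec["prog"]}[{rec["pid"]}]', rec["stage"])
        if rec["srv"]:
            srv_names.add(rec["srv"])
    return {"by_program": {p: dict(c) for p, c in by_program.items()},
            "first_failure": first_failure, "srv_names": sorted(srv_names)}

# The five error lines from the thread, rejoined one per line.
PFX = "pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group: ERROR: "
SAMPLE = [
    "support_resolv.cc(289): " + PFX + "Error while resolving service record _ldap._tcp.DOMAIN.LAN with res_search",
    "support_resolv.cc(71): " + PFX + "res_search: Unknown service record: _ldap._tcp.DOMAIN.LAN",
    "support_resolv.cc(183): " + PFX + "Error while resolving hostname with getaddrinfo: Name or service not known",
    "support_sasl.cc(276): " + PFX + "ldap_sasl_interactive_bind_s error: Can't contact LDAP server",
    "support_ldap.cc(957): " + PFX + "Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```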