On 11/29/19 11:43 AM, Amos Jeffries wrote: > The PTR should only need to be looked up at all if something needs to > use the client FQDN. Usually that is logging. I suspect your build > auto-enabled ICAP features which uses the FQDN for icap_log. ... but icap_log is disabled by default, even in Squid builds that have ICAP support enabled, right? If a disabled icap_log triggers DNS lookups, there is a Squid bug we should fix. FWIW, the easiest way to figure out what triggered the lookup could be to start Squid in a debugger, and then, before starting the test transaction, add a breakpoint for fqdncache_nbgethostbyaddr. Post a stack trace from that function (when it is triggered after the httpAccept line is logged as shown in your cache.log). Alex. >> -------- 8< -------- >> Log: >> >> 2019/11/29 14:02:15.765 kid1| 5,2| TcpAcceptor.cc(224) doAccept: New >> connection on FD 8 >> 2019/11/29 14:02:15.765 kid1| 5,2| TcpAcceptor.cc(312) acceptNext: >> connection on local=0.0.0.0:3130 remote=[::] FD 8 flags=9 >> 2019/11/29 14:02:15.770 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 9 >> HTTP Request >> 2019/11/29 14:02:15.770 kid1| 33,4| client_side.cc(2520) httpAccept: >> local=10.254.236.19:3130 remote=10.229.200.152:56040 FD 9 flags=1: accepted >> 2019/11/29 14:02:15.770 kid1| 35,4| fqdncache.cc(420) >> fqdncache_nbgethostbyaddr: fqdncache_nbgethostbyaddr: Name '10.229.200.152'. >> 2019/11/29 14:02:15.771 kid1| 78,3| dns_internal.cc(1831) idnsPTRLookup: >> idnsPTRLookup: buf is 45 bytes for 10.229.200.152, id = 0x5eb3 >> >> -------- 8< -------- >> [root@sls squid-4.9]# squid -v >> Squid Cache: Version 4.9 >> Service Name: squid >> configure options: --enable-ltdl-convenience >> >> -------- 8< -------- >> [root@sls sls]# squid -u0 -f /etc/squid/sites/sls/sls.conf -k parse >> 2019/11/29 14:49:21| Startup: Initializing Authentication Schemes ... >> 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'basic' >> 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'digest' >> 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'negotiate' >> 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'ntlm' >> 2019/11/29 14:49:21| Startup: Initialized Authentication. >> 2019/11/29 14:49:21| aclIpParseIpData: IPv6 has not been enabled. >> 2019/11/29 14:49:21| aclIpParseIpData: IPv6 has not been enabled. >> 2019/11/29 14:49:21| Processing Configuration File: >> /etc/squid/sites/sls/sls.conf (depth 0) >> 2019/11/29 14:49:21| Processing: visible_hostname sls > >> 2019/11/29 14:49:21| Processing: acl from-all src all > > That is pretty pointless. "src all" is the definition of the built-in > "all" ACL. Might as well use that instead of these 'from-all' and make > it more clear that you have no restrictions on what clients can do with > your proxy. > >> 2019/11/29 14:49:21| Processing: http_access deny !safe-ports >> 2019/11/29 14:49:21| Processing: http_access deny CONNECT !ssl-ports >> 2019/11/29 14:49:21| Processing: http_access allow from-all >> 2019/11/29 14:49:21| Processing: cache_log >> stdio:/proxy/logs/squid/sls/cache-sls.log _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
