* Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>: > > But... monitoring reported dns_query_time rose to about 8000ms, Sorry, 18000ms :) > Disclaimer: My response below is based on quick code analysis without any > tests. It ignores many complications, including two DNS query types for each > name (A and AAAA) and chasing dns_defnames after NXDOMAIN. > > Squid dns_timeout does not control when Squid sends a query to the second > DNS nameserver. It controls when Squid completely gives up on trying to > resolve a name. Such resolution failures often lead to transaction > forwarding errors. OK! > The time[out] gap between two repeated DNS queries within one resolution > attempt is controlled by dns_retransmit_interval (including its exponential > back-off algorithm). See below for more details. Ah, I see. > Not yet AFAICT: Today, Squid starts with the first nameserver and uses the > second nameserver only when the first query fails (including > dns_retransmit_interval timeouts). If there is enough time (see dns_timeout) > and there are only two DNS nameservers configured, then Squid will use the > first nameserver again (for the same resolution attempt) if the second > query/nameserver fails, and so on (i.e. a round robin scan across all > configured nameservers that always starts with the first nameserver). > > Thus, if I am reading the code correctly, an unresponsive first nameserver > will cripple your Squid even if the second nameserver is perfectly healthy > :-(. Yes, that's what I observed here :) -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebrandt@xxxxxxxxxx https://www.charite.de _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
