Squid 3.x never_direct and DNS requests problem.


FUSTE Emmanuel
Hello,

I'm in a context where I have a lot of Squid installations without direct
internet access.
All queries are forwarded to an Internet connected peer.

Recently, I migrated my old 2.x Squid to 3.x and took responsibility for
some other 3.x existing installations.
- my Debian based Squid 3.4.8 started doing DNS requests for each requested
domain
- Ubuntu 14.04 based Squid 3.3.8 behaves the same
- Ubuntu 16.04 based Squid 3.5.12 behaves the same
The internal DNS setup is completely private with its own hierarchy and
with no Internet link/relation.
Internet "like" requests are banned on this infrastructure and could
raise alarms.

On the Ubuntu installations, the problem was worked around with a local
nsd daemon responsible for answering "nxdomain" to all requests.

All was carefully checked and nothing in my configuration (acl etc ...)
explains why Squid insists on doing DNS requests for requests forwarded to
the peer(s).

I was able to reproduce the "bug" with all squid versions up to 3.5.23
with this minimalist config test file:
----------------------------
http_access allow all

http_port 3128
cache_peer 10.xx.xx.xx parent 8000 0 default no-query no-digest login=login:password
never_direct allow all

cache_mem 256 MB
maximum_object_size_in_memory 16384 KB
cache_dir aufs /var/spool/squid3 100000 32 256
maximum_object_size 400 MB
access_log stdio:/var/log/squid/access.log squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

quick_abort_pct 55
read_ahead_gap 128 KB
hosts_file none
coredump_dir /var/spool/squid3

#bug #4575
url_rewrite_extras XXX
store_id_extras XXX
------------------------------------

Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
workaround (I switched directly from 3.5.12 to 3.5.19 so I don't know
when the behavior changed):
Instead of installing a fake local DNS server and using
dns_nameservers 127.0.0.1
I could use
dns_nameservers none
Squid warns about non usable DNS and proceeds normally. Before (tested
with 3.5.12 and lower) Squid hung.

So, am I missing something? Is it a known problem?
With the workaround, things work but I could not log things based on
Internal DNS for the client side, and this is something that was working
in the old 2.x versions.
Should I open a bug report?

Thank you,
Emmanuel.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
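
Added example (not part of the original post and not Squid project code): a small Python check that reads a squid.conf and reports where Squid's internal resolver would send queries in the forward-only setup described above. The sample config is constructed from the post's test file with a placeholder peer address; the function names and result labels are assumptions, and the fallback to /etc/resolv.conf when dns_nameservers is absent is Squid's documented default.

```python
import re

# Constructed sample: the post's test config reduced to the directives that
# matter here. 192.0.2.10 is a placeholder peer address, not from the post.
SAMPLE_CONF = """\
http_access allow all
http_port 3128
cache_peer 192.0.2.10 parent 8000 0 default no-query no-digest
never_direct allow all
hosts_file none
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1)$")


def directives(conf_text):
    """Yield (name, [args]) for each active squid.conf line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args


def dns_exposure(conf_text):
    """Classify where the resolver sends queries in a forward-only config."""
    has_parent = forward_only = False
    nameservers = None  # None means the directive is absent
    for name, args in directives(conf_text):
        if name == "cache_peer" and len(args) >= 2 and args[1] == "parent":
            has_parent = True
        elif name == "never_direct" and args[:2] == ["allow", "all"]:
            forward_only = True
        elif name == "dns_nameservers":
            nameservers = (nameservers or []) + args
    if not (has_parent and forward_only):
        return "not-forward-only"
    if nameservers is None:
        return "system-resolver"   # queries go to /etc/resolv.conf servers
    if nameservers == ["none"]:
        return "disabled"          # per the post: fine on 3.5.19/23, hang on <= 3.5.12
    if all(LOOPBACK.match(ns) for ns in nameservers):
        return "local-sink"        # e.g. the local nsd answering nxdomain
    return "remote-resolver"


if __name__ == "__main__":
    print(dns_exposure(SAMPLE_CONF))
```

A result of "system-resolver" or "remote-resolver" on a forward-only proxy means each requested domain can still reach the internal DNS hierarchy, which is the behaviour the post reports.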

Re: Squid 3.x never_direct and DNS requests problem.

Amos Jeffries
Administrator
On 24/01/2017 3:58 a.m., FUSTE Emmanuel wrote:
>
> All was carefully checked and nothing in my configuration (acl etc ...)
> explains why Squid insists on doing DNS requests for requests forwarded to
> the peer(s).
>
<snip>
>
> #bug #4575
> url_rewrite_extras XXX
> store_id_extras XXX

I don't think that workaround is working.

> ------------------------------------
>
> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
> workaround (I switched directly from 3.5.12 to 3.5.19 so I don't know
> when the behavior changed):
> Instead of installing a fake local DNS server and using
> dns_nameservers 127.0.0.1
> I could use
> dns_nameservers none
> Squid warns about non usable DNS and proceeds normally. Before (tested
> with 3.5.12 and lower) Squid hung.
>

:-) nice.

I'm pretty sure this is still bug 4575. I've added a comment there to
mention how the workaround is broken, and your improved one.

Amos


Re: Squid 3.x never_direct and DNS requests problem.

FUSTE Emmanuel
On 23/01/2017 at 23:41, Amos Jeffries wrote:

> On 24/01/2017 3:58 a.m., FUSTE Emmanuel wrote:
>> All was carefully checked and nothing in my configuration (acl etc ...)
>> explains why Squid insists on doing DNS requests for requests forwarded to
>> the peer(s).
>>
> <snip>
>> #bug #4575
>> url_rewrite_extras XXX
>> store_id_extras XXX
> I don't think that workaround is working.
>
>> ------------------------------------
>>
>> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
>> workaround (I switched directly from 3.5.12 to 3.5.19 so I don't know
>> when the behavior changed):
>> Instead of installing a fake local DNS server and using
>> dns_nameservers 127.0.0.1
>> I could use
>> dns_nameservers none
>> Squid warns about non usable DNS and proceeds normally. Before (tested
>> with 3.5.12 and lower) Squid hung.
>>
> :-) nice.
>
> I'm pretty sure this is still bug 4575. I've added a comment there to
> mention how the workaround is broken, and your improved one.
>
Thank you !
If there's anything I can help with to solve this bug, I'd be happy to.

Emmanuel.