Squid Cache Problem

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid Cache Problem

Devilindisguise
Hello all

Let me preface this by stating I am far from being a Squid expert so please
bear with me.

We have what is probably an easy one. Some Windows servers use a locally
installed Squid proxy instance for all outbound traffic. These servers also
make use of some F5 GTM (DNS) servers to provide a resilient inter-DC DNS
topology.

Essentially what should happen is under steady state conditions any DNS
request should be given IP address a.a.a.a, then under failure be given
b.b.b.b. The GTM DNS TTL is 30 seconds.

What we’re finding is that even after 5 mins of failure any HTTP request
from IE (configured with the Squid proxy) still targets a.a.a.a and traffic
is dropped. During this period if we remove the Squid proxy from the IE
settings, it works as now we target b.b.b.b.

So clearly some sort of caching, possibly DNS, is being done on the Squid.

Where is a good place to start on Squid to troubleshoot this,

Thank you



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Cache Problem

Matus UHLAR - fantomas
On 25.07.19 00:41, Devilindisguise wrote:

>We have what is probably an easy one. Some Windows servers use a locally
>installed Squid proxy instance for all outbound traffic. These servers also
>make use of some F5 GTM (DNS) servers to provide a resilient inter-DC DNS
>topology.
>
>Essentially what should happen is under steady state conditions any DNS
>request should be given IP address a.a.a.a, then under failure be given
>b.b.b.b. The GTM DNS TTL is 30 seconds.
>
>What we’re finding is that even after 5 mins of failure any HTTP request
>from IE (configured with the Squid proxy) still targets a.a.a.a and traffic
>is dropped. During this period if we remove the Squid proxy from the IE
>settings, it works as now we target b.b.b.b.
>
>So clearly some sort of caching, possibly DNS, is being done on the Squid.

One of main points of DNS design is to be cacheable.
That is why DNS is not suited for load balancing and failover switching.

however, you should be able to look at content of DNS cache in squid using
cachemgr.cgi to see what's wrong there.

also, you can sniff the DNS traffic to see if only proper responses are
going to squid.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Cache Problem

Devilindisguise
Great, thank you.

We'll take a look at the DNS cache and see what we find.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users