Package: squid Version: 4.1-1 Severity: normal For testing purposes I use squid proxy on my laptop. Since upgrading to 4.1, when the system boots, squid service is not operating properly: it always fails to resolve DNS names. And I have to restart the service in order to make it work. Here is the output of "journalctl -u squid.service", that reveals the culprit: --------------- lug 07 12:53:13 etna systemd[1]: Starting Squid Web Proxy Server... lug 07 12:53:13 etna squid[698]: setsid failed: (1) Operation not permitted lug 07 12:53:13 etna squid[698]: 2018/07/07 12:53:13| Created PID file (/var/run/squid.pid) lug 07 12:53:13 etna squid[698]: Squid Parent: will start 1 kids lug 07 12:53:13 etna squid[698]: Squid Parent: (squid-1) process 751 started lug 07 12:53:13 etna squid[698]: 2018/07/07 12:53:13 kid1| Set Current Directory to /var/spool/squid lug 07 12:53:13 etna squid[698]: 2018/07/07 12:53:13 kid1| Creating missing swap directories lug 07 12:53:13 etna squid[698]: 2018/07/07 12:53:13 kid1| No cache_dir stores are configured. lug 07 12:53:13 etna squid[698]: Squid Parent: squid-1 process 751 exited with status 0 lug 07 12:53:13 etna squid[698]: 2018/07/07 12:53:13| Removing PID file (/var/run/squid.pid) lug 07 12:53:13 etna squid[796]: Created PID file (/var/run/squid.pid) lug 07 12:53:13 etna squid[796]: Squid Parent: will start 1 kids lug 07 12:53:13 etna squid[796]: Squid Parent: (squid-1) process 801 started lug 07 12:53:13 etna systemd[1]: Started Squid Web Proxy Server. lug 07 12:53:13 etna squid[801]: Set Current Directory to /var/spool/squid lug 07 12:53:13 etna squid[801]: Starting Squid Cache version 4.1 for x86_64-pc-linux-gnu... lug 07 12:53:13 etna squid[801]: Service Name: squid lug 07 12:53:13 etna squid[801]: Process ID 801 lug 07 12:53:13 etna squid[801]: Process Roles: worker lug 07 12:53:13 etna squid[801]: With 1024 file descriptors available lug 07 12:53:13 etna squid[801]: Initializing IP Cache... lug 07 12:53:13 etna squid[801]: DNS Socket created at [::], FD 5 lug 07 12:53:13 etna squid[801]: DNS Socket created at 0.0.0.0, FD 9 lug 07 12:53:13 etna squid[801]: /etc/resolv.conf: (2) No such file or directory lug 07 12:53:13 etna squid[801]: Warning: Could not find any nameservers. Trying to use localhost lug 07 12:53:13 etna squid[801]: Please check your /etc/resolv.conf file lug 07 12:53:13 etna squid[801]: or use the 'dns_nameservers' option in squid.conf. lug 07 12:53:13 etna squid[801]: Logfile: opening log daemon:/var/log/squid/access.log lug 07 12:53:13 etna squid[801]: Logfile Daemon: opening log /var/log/squid/access.log lug 07 12:53:13 etna squid[801]: Local cache digest enabled; rebuild/rewrite every 3600/3600 sec lug 07 12:53:13 etna squid[801]: Store logging disabled lug 07 12:53:13 etna squid[801]: Swap maxSize 0 + 262144 KB, estimated 20164 objects lug 07 12:53:13 etna squid[801]: Target number of buckets: 1008 lug 07 12:53:13 etna squid[801]: Using 8192 Store buckets lug 07 12:53:13 etna squid[801]: Max Mem size: 262144 KB lug 07 12:53:13 etna squid[801]: Max Swap size: 0 KB lug 07 12:53:13 etna squid[801]: Using Least Load store dir selection lug 07 12:53:13 etna squid[801]: Set Current Directory to /var/spool/squid lug 07 12:53:13 etna squid[801]: Finished loading MIME types and icons. lug 07 12:53:13 etna squid[801]: HTCP Disabled. lug 07 12:53:13 etna squid[801]: Pinger socket opened on FD 14 lug 07 12:53:13 etna squid[801]: Squid plugin modules loaded: 0 lug 07 12:53:13 etna squid[801]: Adaptation support is off. lug 07 12:53:13 etna squid[801]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9 lug 07 12:53:14 etna squid[801]: storeLateRelease: released 0 objects ---------------
As you can see, when squid starts it cannot find /etc/resolv.conf and so seems to fallback to use a local nameserver, that is not present here. Here networking is managed by NetworkManager and /etc/resolv.conf is currently a symbolic link to /run/NetworkManager/resolv.conf Looks like squid.service starts too early, when the link is still not set. Cesare. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages squid depends on: ii adduser 3.117 ii libc6 2.27-3 ii libcap2 1:2.25-1.2 ii libcom-err2 1.44.3~rc2-1 ii libdb5.3 5.3.28-13.1+b1 ii libdbi-perl 1.641-1 ii libecap3 1.0.1-3.2 ii libexpat1 2.2.5-3 ii libgcc1 1:8.1.0-9 ii libgnutls30 3.5.18-1 ii libgssapi-krb5-2 1.16-2 ii libkrb5-3 1.16-2 ii libldap-2.4-2 2.4.46+dfsg-5 ii libltdl7 2.4.6-2.1 ii libnetfilter-conntrack3 1.0.7-1 ii libnettle6 3.4-1 ii libpam0g 1.1.8-3.7 ii libsasl2-2 2.1.27~101-g0780600+dfsg-3.1 ii libstdc++6 8.1.0-9 ii libxml2 2.9.4+dfsg1-7+b1 ii logrotate 3.11.0-0.1 ii lsb-base 9.20170808 ii netbase 5.4 ii squid-common 4.1-1 Versions of packages squid recommends: ii ca-certificates 20180409 ii libcap2-bin 1:2.25-1.2 Versions of packages squid suggests: pn resolvconf <none> pn smbclient <none> pn squid-cgi <none> ii squid-purge 4.1-1 ii squidclient 4.1-1 pn ufw <none> pn winbindd <none> -- Configuration Files: /etc/squid/squid.conf changed: debug_options ALL,1 http_port 3128 cache_mgr webmaster cachemgr_passwd none all shutdown_lifetime 5 seconds coredump_dir /var/spool/squid acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 3128 # squidclient acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localhost http_access deny all -- no debconf information