Re: [squid-users] Very slow initial reply
I have looked at the domain NS and it seems that 2 out of 4 are not responsive at all. If you are interested in clearing out the issue and more advanced dns related issues you can try bind-us...@lists.isc.org list. In the above list there are many dns administrators that can help and consult you on the next step to make the issue one of two: - gone(fixed locally) - fixed(fixed by the ns servers admins) Eliezer On 08/26/2014 09:20 PM, Cassiano Martin wrote: On my squid box it shows DNS failure. 014/08/26 15:15:09.243 kid1| ModEpoll.cc(139) SetSelect: FD 8, type=1, handler=1, client_data=0, timeout=0 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1362) idnsRead: idnsRead: FD 8: received 55 bytes from 127.0.0.1:53 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1169) idnsGrokReply: idnsGrokReply: QID 0xf689, -2 answers 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1234) idnsGrokReply: idnsGrokReply: error Server Failure: The name server was unable to process this query. (2) 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1092) idnsCallback: Merging DNS results www.lusitania.pt A has 3 RR, has -2 RR 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1125) idnsCallback: Sending 3 (OK) DNS results to caller. 2014/08/26 15:15:09.244 kid1| ipcache.cc(498) ipcacheParse: ipcacheParse: 3 answers for 'www.lusitania.pt' 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #0 212.55.134.4 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #1 62.28.187.7 2014/08/26 15:15:09.245 kid1| client_side_request.cc(546) hostHeaderIpVerify: validate IP 62.28.187.7:80 non-match from Host: IP 212.55.134.4 2014/08/26 15:15:09.245 kid1| client_side_request.cc(541) hostHeaderIpVerify: validate IP 62.28.187.7:80 possible from Host: Thanks 2014-08-26 14:32 GMT-03:00 Bruno Guerreiro bruno.guerre...@ine.pt: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) é destinada exclusivamente às pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conteúdo e sem reproduzi-la ou divulgá-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately.
Re: [squid-users] Very slow initial reply
Hello. Thanks for your reply. DNS was also my first thought, but what surprises me is that on the same server, nginx or direct are ok, but squid takes almost a minute. Also nslookup and dig work fast. And this happens everytime. But i'll look for DNS failures on the server Anyone has any other idea? Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 - Original Message - From: Eliezer Croitoru elie...@ngtech.co.il To: squid-users@squid-cache.org Sent: Wednesday, 27 August, 2014 7:28:57 AM Subject: Re: [squid-users] Very slow initial reply I have looked at the domain NS and it seems that 2 out of 4 are not responsive at all. If you are interested in clearing out the issue and more advanced dns related issues you can try bind-us...@lists.isc.org list. In the above list there are many dns administrators that can help and consult you on the next step to make the issue one of two: - gone(fixed locally) - fixed(fixed by the ns servers admins) Eliezer On 08/26/2014 09:20 PM, Cassiano Martin wrote: On my squid box it shows DNS failure. 014/08/26 15:15:09.243 kid1| ModEpoll.cc(139) SetSelect: FD 8, type=1, handler=1, client_data=0, timeout=0 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1362) idnsRead: idnsRead: FD 8: received 55 bytes from 127.0.0.1:53 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1169) idnsGrokReply: idnsGrokReply: QID 0xf689, -2 answers 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1234) idnsGrokReply: idnsGrokReply: error Server Failure: The name server was unable to process this query. (2) 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1092) idnsCallback: Merging DNS results www.lusitania.pt A has 3 RR, has -2 RR 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1125) idnsCallback: Sending 3 (OK) DNS results to caller. 2014/08/26 15:15:09.244 kid1| ipcache.cc(498) ipcacheParse: ipcacheParse: 3 answers for 'www.lusitania.pt' 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #0 212.55.134.4 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #1 62.28.187.7 2014/08/26 15:15:09.245 kid1| client_side_request.cc(546) hostHeaderIpVerify: validate IP 62.28.187.7:80 non-match from Host: IP 212.55.134.4 2014/08/26 15:15:09.245 kid1| client_side_request.cc(541) hostHeaderIpVerify: validate IP 62.28.187.7:80 possible from Host: Thanks 2014-08-26 14:32 GMT-03:00 Bruno Guerreiro bruno.guerre...@ine.pt: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) é destinada exclusivamente às pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conteúdo e sem reproduzi-la ou divulgá-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately. Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) � destinada exclusivamente �s pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conte�do e sem reproduzi-la ou divulg�-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately.
Re: [squid-users] Very slow initial reply
On 27/08/2014 8:50 p.m., Bruno Guerreiro wrote: Hello. Thanks for your reply. DNS was also my first thought, but what surprises me is that on the same server, nginx or direct are ok, but squid takes almost a minute. Also nslookup and dig work fast. And this happens everytime. But i'll look for DNS failures on the server Anyone has any other idea? In Squid you can configure dns_timeout for how long it will wait in total for DNS results to come back. This will make an error response happen faster for this type of DNS error. As Eliezer mentioned, the fix is in your local DNS server config or the upstream domains DNS server config. * Your recursive DNS server used by Squid apparently has a long timeout on waits for a response from the domains NS-1 before moving on to its NS-2 etc. most of the actual lag you are seeing is coming from that. * The proper fix is for the upstream domain admin to fix their NS servers of course. If you contact them about which servers are having trouble that might get it fixed for everyone. Amos
Re: [squid-users] Very slow initial reply
Can you try to use dns_v4_first on? Eliezer On 08/26/2014 08:32 PM, Bruno Guerreiro wrote: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657
Re: [squid-users] Very slow initial reply
On my squid box it shows DNS failure. 014/08/26 15:15:09.243 kid1| ModEpoll.cc(139) SetSelect: FD 8, type=1, handler=1, client_data=0, timeout=0 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1362) idnsRead: idnsRead: FD 8: received 55 bytes from 127.0.0.1:53 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1169) idnsGrokReply: idnsGrokReply: QID 0xf689, -2 answers 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1234) idnsGrokReply: idnsGrokReply: error Server Failure: The name server was unable to process this query. (2) 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1092) idnsCallback: Merging DNS results www.lusitania.pt A has 3 RR, has -2 RR 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1125) idnsCallback: Sending 3 (OK) DNS results to caller. 2014/08/26 15:15:09.244 kid1| ipcache.cc(498) ipcacheParse: ipcacheParse: 3 answers for 'www.lusitania.pt' 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #0 212.55.134.4 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #1 62.28.187.7 2014/08/26 15:15:09.245 kid1| client_side_request.cc(546) hostHeaderIpVerify: validate IP 62.28.187.7:80 non-match from Host: IP 212.55.134.4 2014/08/26 15:15:09.245 kid1| client_side_request.cc(541) hostHeaderIpVerify: validate IP 62.28.187.7:80 possible from Host: Thanks 2014-08-26 14:32 GMT-03:00 Bruno Guerreiro bruno.guerre...@ine.pt: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) é destinada exclusivamente às pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conteúdo e sem reproduzi-la ou divulgá-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately.
