Re: [pfSense] Squid Problem and DNS?
On 2014-07-16 08:43, Brian Caouette wrote: I have not tried ISP's dns as I've found Googles to be faster. I can try that test tonight when I get home though to rule out the possibility. Be aware that using non-local DNS can end up with a suboptimal CDN routing situation as you get routed to the CDN nearest your chosen DNS servers rather than your actual local network. These might well be appropriately placed, but they might not, depending on where Google's DNS resolution happens for the node that you hit. In my opinion, running your own DNS is a better solution, if you're technically capable. On pfSense, this is often as simple as installing unbound and using it as a full resolver instead of DNS Forwarding/dnsmasq. As for #2 I understand I just find it odd the prior install although poor hit rate still produce results were the current install is at 0 after a week. Our traffic hasn't changed we still surf the same sites. The kids are typically on facebook, youtube, and game sites and the wife on school and work as I am. Between sites moving everything to HTTPS and the amount of dynamic content, hit rates are typically very low these days. Even static resources are often served over HTTPS (SPDY removing the last major reason to not use HTTPS for such things) Making it worse (but not really) is the way a lot of static content is called, embedding version numbers into JS/CSS/etc file names and using cache control headers to encourage clients to cache these resources for weeks, allowing browsers to efficiently cache resources that used to be served out of local proxy servers. Still, I'd expect a rate greater than absolute 0, but it takes a large number of users to get any real value out of a proxy level cache these days. Or at least that was my experience when our office was stuck on a 3Mb pipe instead of our usual dual 100Mb for a few months. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Squid Problem and DNS?
I had issues upgrading to the new .4 version of pfSense. I was forced to start from scratch. That said I have it all up and running however I have two issues I can't figure out. #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid Problem and DNS?
What version were you upgrading from? 2.1.3? 2.0.x? On Jul 16, 2014, at 9:25, Brian Caouette bri...@dlois.com wrote: I had issues upgrading to the new .4 version of pfSense. I was forced to start from scratch. That said I have it all up and running however I have two issues I can't figure out. #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid Problem and DNS?
On 16/7/14 3:25 pm, Brian Caouette wrote: #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. As a test, have you tried using your ISP's caching DNS servers instead, and does it make any difference? #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. A great many websites these days rely on dynamic content and send cache-control headers to prevent proxies like Squid from caching things. You can play with Squid's settings to ignore some cache-control headers, but obviously there are risks of delivering your clients out of date content by doing that. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid Problem and DNS?
2.1.3 to 2.1.4 On 7/16/2014 10:33 AM, Ryan Coleman wrote: What version were you upgrading from? 2.1.3? 2.0.x? On Jul 16, 2014, at 9:25, Brian Caouette bri...@dlois.com wrote: I had issues upgrading to the new .4 version of pfSense. I was forced to start from scratch. That said I have it all up and running however I have two issues I can't figure out. #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid Problem and DNS?
I have not tried ISP's dns as I've found Googles to be faster. I can try that test tonight when I get home though to rule out the possibility. As for #2 I understand I just find it odd the prior install although poor hit rate still produce results were the current install is at 0 after a week. Our traffic hasn't changed we still surf the same sites. The kids are typically on facebook, youtube, and game sites and the wife on school and work as I am. On 7/16/2014 10:39 AM, Chris Bagnall wrote: On 16/7/14 3:25 pm, Brian Caouette wrote: #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. As a test, have you tried using your ISP's caching DNS servers instead, and does it make any difference? #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. A great many websites these days rely on dynamic content and send cache-control headers to prevent proxies like Squid from caching things. You can play with Squid's settings to ignore some cache-control headers, but obviously there are risks of delivering your clients out of date content by doing that. Kind regards, Chris ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid Problem and DNS?
Think I figured it out.. I had the hostname set to that of my website that is hosted offsite. As soon as I changed it to localhost webpages opened instantly! On 7/16/2014 10:42 AM, Brian Caouette wrote: 2.1.3 to 2.1.4 On 7/16/2014 10:33 AM, Ryan Coleman wrote: What version were you upgrading from? 2.1.3? 2.0.x? On Jul 16, 2014, at 9:25, Brian Caouette bri...@dlois.com wrote: I had issues upgrading to the new .4 version of pfSense. I was forced to start from scratch. That said I have it all up and running however I have two issues I can't figure out. #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Googles DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. #2. Squid is active and working but hit rate has been zero. It's been running a week now. Prior install I would average a really poor .5 -2%. I'm not sure what to do. I'm on Google over load now trying to find the answers and so far my config seems to be in line with general recommendations. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
