Dear Alex. Thanks for the tip. Please check the full log at https://pastebin.com/JmdS6Sw5.
In this attempt, I tried to visit Google. In this case the LAN DNS could not provide a correct DNS reply, but provided a No Such Domain reply instead.

> On Jan 13, 2026, at 9:48 AM, Alex Rousskov <[email protected]> wrote:
>
> On 2026-01-12 20:22, Archer wrote:
>
>> I picked up this part of log as evidence that Squid does conduct DNS
>> lookups AFTER a peer connection is selected (log omitted). In the
>> configuration, a cache peer (parent proxy) for specified domains is present.
>> And the relative part of config is already provided in some other thread of
>> this post. TY
>
> FWIW, if I have access to a full debugging log collected while reproducing
> the problem, I may be able to tell you what causes DNS lookups in your
> specific environment. I discourage Squid admins from studying debugging logs
> because they are meant for Squid developers and can be very misleading.
>
> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction
>
> Without looking at the logs, and without investing a lot of time in trying to
> reproduce the problem locally based on the partial information you have
> shared, I can only offer guesses, and I have done that already.
>
> Alex.
>
>> On 2026-01-09 17:19, archer wrote:
>>> cache_peer a.b.c.d parent ... name=NodeNG
>>> always_direct extranet_whitelist
>>> never_direct extranet
>>> I observed peer-select.cc still conducting DNS lookups on an extranet
>>> domain, which is a purely domain-based ACL. e.g.
>>>
>>> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
>>> ...
>>> peer_select.cc(460) resolveSelected: Find IP destination for:
>>> www.example.com:443 via a.b.c.d
>> The above debugging log snippet is unrelated to ACLs checking/code.
>> Squid says that it needs to resolve a.b.c.d to connect to a peer at that
>> a.b.c.d address. If a.b.c.d is already an IP address, then that resolution
>> is going to be a no-op -- no actual DNS queries will be sent.
>> I do not know what triggers other DNS queries in your case. If I have to
>> guess, I would guess that peer selection algorithm finds multiple ways to
>> satisfy that CONNECT-to-X request and some of those ways include a direct
>> connection to X, triggering X resolution.
>>> So, what can I do to have extranet DNS handled by the parent proxy, while
>>> leaving the remainder to the child proxy, with a domain list ?
>>> Squid Cache: Version 5.7
>> FWIW, the above version is not supported by the Squid Project.
>> Alex.
_______________________________________________ squid-users mailing list [email protected] https://lists.squid-cache.org/listinfo/squid-users
