On 2026-01-13 01:51, archer wrote:
Please check full log at ...
Thank you for sharing that log.
In this attempt, I tried to visit google.
The first corresponding DNS lookup is triggered by Squid NetDB feature.
To disable that feature, ./configure Squid with `--disable-icmp`.
AFAICT, there is no squid.conf option that would disable those lookups
in Squids built with `--enable-icmp` (which is also the default).
HTH,
Alex.
On Jan 13, 2026, at 9:48 AM, Alex Rousskov wrote:
On 2026-01-12 20:22, Archer wrote:
I picked up this part of log as evidence that Squid does conduct DNS
lookups AFTER a peer connection is selected (log omitted). In the
configuration, a cache peer (parent proxy) for specified domains
is present.
And the relative part of config is already provided in some other
thread of this post. TY
FWIW, if I have access to a full debugging log collected while
reproducing the problem, I may be able to tell you what causes DNS
lookups in your specific environment. I discourage Squid admins from
studying debugging logs because they are meant for Squid developers
and can be very misleading.
https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction
Without looking at the logs, and without investing a lot of time in
trying to reproduce the problem locally based on the partial
information you have shared, I can only offer guesses, and I have done
that already.
Alex.
On 2026-01-09 17:19, archer wrote:
cache_peer a.b.c.d parent ... name=NodeNG
always_direct extranet_whitelist
never_direct extranet
I observed peer-select.cc still conducting DNS lookups on an
extranet domain, which is a purely domain-based ACL, e.g.
peer_select.cc(833) selectSomeParent: CONNECT www.example.com
...
peer_select.cc(460) resolveSelected: Find IP destination for:
www.example.com:443 via a.b.c.d
The above debugging log snippet is unrelated to ACLs checking/code.
Squid says that it needs to resolve a.b.c.d to connect to a peer at
that a.b.c.d address. If a.b.c.d is already an IP address, then that
resolution is going to be a no-op -- no actual DNS queries will be sent.
I do not know what triggers other DNS queries in your case. If I have
to guess, I would guess that peer selection algorithm finds multiple
ways to satisfy that CONNECT-to-X request and some of those ways
include a direct connection to X, triggering X resolution.
So, what can I do to have extranet DNS handled by the parent proxy,
while leaving the remainder to the child proxy, with a domain list?
Squid Cache: Version 5.7
FWIW, the above version is not supported by the Squid Project.
Alex.
_______________________________________________
squid-users mailing list
https://lists.squid-cache.org/listinfo/squid-users