On Tue, 13 Apr 2004, dtom wrote:

> OK. Here is snoop output with timing details.
>
> # snoop -r -t d -d hme0 port 53
> 0.01784 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00040 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
> 0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15

This does indeed look odd..

> 0.00462 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
> 0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?

And this is worse.. yet another query for www.mail-archive.com 0.004 seconds after receiving the reply to the first..

Have you by any chance disabled the ipcache?

> > Ok, this I have not tried. Maybe there is some slight error in
> > acl processing causing the double DNS lookup.
>
> Why do you think so?

It is just a speculation on why you see double DNS lookups. You are using dst acls while in my tests when making the 2.5.STABLE5 release I did not use dst acls, just plain forwarding. The DNS lookup for a dst ACL is performed in a different part of the code than the forwarding lookup. Both are cached in the ipcache.

> How can I see if there is some slight error in acl processing causing
> the double DNS lookup?

Temporarily disable the use of the dst acls in your http_access, cache_peer_access etc access lists, then monitor DNS usage.

Regards
Henrik
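For the "monitor DNS usage" step, an added example (not part of the original message and not Squid code): a Python script that reads `snoop -r -t d` lines in the format quoted above and flags queries repeated while one is still unanswered or shortly after a reply. The `analyze` function, its labels and the 1-second window are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Input: the snoop lines quoted in the thread (addresses already anonymised there).
SAMPLE = """\
0.01784 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00040 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00001 A.A.A.A -> H.H.H.H DNS R www.mail-archive.com. Internet Addr 211.9.244.15
0.00462 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
0.00004 H.H.H.H -> A.A.A.A DNS C www.mail-archive.com. Internet Addr ?
"""

# delta-time, source, destination, C (query) or R (reply), queried name
LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+DNS\s+([CR])\s+(\S+)")

def analyze(text, window=1.0):
    """Return (counts, findings). window (seconds) is an assumed threshold for
    'asked again right after an answer', i.e. the answer was likely not cached."""
    now = 0.0                       # -t d prints deltas, so accumulate them
    outstanding = defaultdict(int)  # unanswered queries per (client, name)
    last_reply = {}                 # time of last reply per (client, name)
    counts = {"queries": 0, "replies": 0}
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        delta, src, dst, kind, name = m.groups()
        now += float(delta)
        if kind == "C":
            counts["queries"] += 1
            key = (src, name.lower())
            if outstanding[key]:
                # Same name asked again before any reply arrived.
                findings.append(("duplicate_in_flight", name, round(now, 5)))
            elif key in last_reply and now - last_reply[key] <= window:
                gap = round(now - last_reply[key], 5)
                findings.append(("requery_after_reply", name, gap))
            outstanding[key] += 1
        else:
            counts["replies"] += 1
            key = (dst, name.lower())   # the client is the reply's destination
            outstanding[key] = 0
            last_reply[key] = now
    return counts, findings

if __name__ == "__main__":
    counts, findings = analyze(SAMPLE)
    print(counts)
    for f in findings:
        print(*f)
```

Running the same script on a capture taken with the dst acls disabled gives a direct before/after comparison of the two finding types.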
