Testing 3.1, and 3.29 on CentOS 6.4 64 bit.
Found an issue that I do not know how to resolve and any searches I made of the
archive for the mailing list just turned up people saying to disable caching on
domains. Which this has nothing to do with. What I am trying to do below
works fine on my Squid 2.6 servers.
Webapps.kattenlaw.com is the hostname I am trying to connect to on my 3.1 or
3.29 Squid proxies.
When you look this record up through dig or nslookup the namserver has to
contact dns1.kattenlaw.com or dns2.kattenlaw.com to return the IP.
My Squid 2.6 servers can lookup webapps.kattenlaw.com in 1 second and open the
website.
Squid 3.1 or 3.29 takes like 30 seconds just to resolve the name then bring up
the page.
I turned on debug and these are the key items from the 3.29 cache.log after
trying to access webapps.kattenlaw.com:
2013/04/08 23:43:13.564 kid1| Address.cc(409) LookupHostIP: Given Non-IP
'webapps.kattenlaw.com': Name or service not known
2013/04/08 23:43:13.567 kid1| Address.cc(409) LookupHostIP: Given Non-IP
'webapps.kattenlaw.com': Name or service not known
2013/04/08 23:43:43.718 kid1| Address.cc(409) LookupHostIP: Given Non-IP
'webapps.kattenlaw.com': Name or service not known
This is when Squid finally figures out how to resolve it (30 seconds later),
and this is the point it comes up in my browser:
2013/04/08 23:43:43.720 kid1| Address.cc(409) LookupHostIP: Given Non-IP
'webapps.kattenlaw.com': Name or service not known
2013/04/08 23:43:43.720 kid1| ipcache.cc(674) ipcache_nbgethostbyname:
ipcache_nbgethostbyname: HIT for 'webapps.kattenlaw.com'
2013/04/08 23:43:43.720 kid1| FilledChecklist.cc(100) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fff6985c100
2013/04/08 23:43:43.720 kid1| Checklist.cc(275) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fff6985c100
2013/04/08 23:43:43.721 kid1| peer_select.cc(293) peerSelectDnsPaths: Found
sources for 'webapps.kattenlaw.com:443'
2013/04/08 23:43:43.721 kid1| peer_select.cc(294) peerSelectDnsPaths:
always_direct = 0
2013/04/08 23:43:43.721 kid1| peer_select.cc(295) peerSelectDnsPaths:
never_direct = 0
2013/04/08 23:43:43.721 kid1| peer_select.cc(299) peerSelectDnsPaths:
DIRECT = local=xx.xx.xx.xx remote=63.166.107.228:443 flags=1
2013/04/08 23:43:43.721 kid1| peer_select.cc(308) peerSelectDnsPaths:
timedout = 0
2013/04/08 23:43:43.721 kid1| tunnel.cc(746) tunnelPeerSelectComplete: paths=1,
p[0]={local=xx.xx.xx.xx remote=63.166.107.228:443 flags=1},
serverDest[0]={local=xx.xx.xx.xx remote=63.
166.107.228:443 flags=1}
Using nslookup or dig from this same server the IP is returned right away, Is
there anything I can tweak with Squid to get this working faster?
This is me looking up this hostname from this same Squid 3.29 server using
nslookup and dig. They return the address right away:
nslookup webapps.kattenlaw.com
Server: 10.9.3.49
Address: 10.9.3.49#53
Non-authoritative answer:
Name: webapps.kattenlaw.com
Address: 63.166.107.228
>From Dig:
;; ANSWER SECTION:
webapps.kattenlaw.com. 101 IN A 63.166.107.228
;; AUTHORITY SECTION:
webapps.kattenlaw.com. 1781 IN NS dns1.kattenlaw.com.
webapps.kattenlaw.com. 1781 IN NS dns2.kattenlaw.com.
10.9.3.49 is the only name server in the resolve.conf for this box, and all
other queries are fast and the page comes up right away. It seems to only have
this long 30 second pause when it is a recursive lookup like the above. I have
tried populating the 10.9.3.49 name server within the squid.conf instead of it
pulling it out of resolve.conf, no difference.
Thanks for any help.
Brian
===========================================================
CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the
Internal Revenue
Service, any tax advice contained herein is not intended or written to be used
and cannot be used
by a taxpayer for the purpose of avoiding tax penalties that may be imposed on
the taxpayer.
===========================================================
CONFIDENTIALITY NOTICE:
This electronic mail message and any attached files contain information
intended for the exclusive
use of the individual or entity to whom it is addressed and may contain
information that is
proprietary, privileged, confidential and/or exempt from disclosure under
applicable law. If you
are not the intended recipient, you are hereby notified that any viewing,
copying, disclosure or
distribution of this information may be subject to legal restriction or
sanction. Please notify
the sender, by electronic mail or telephone, of any unintended recipients and
delete the original
message without making any copies.
===========================================================
NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability
partnership that has
elected to be governed by the Illinois Uniform Partnership Act (1997).
===========================================================
