Re: [squid-users] Why do I have "idnsCheckQueue" timeouts ?

From: Henrik Nordstrom <>
Date: Mon, 26 Mar 2001 19:23:37 +0200

How can you use IP based ACL's for "INTRANET*", if there is no DNS?

If you have a private DNS without access to Internet DNS data then make
sure you also have private DNS root servers, and that all your DNS
servers are configured to use your root servers rather than the official
ones in their DNS cache primer files...

Most people use the dstdomain ACL type for matching intranet services.
This completely avoids the need to ask DNS to find out if the site is a
intranet site or not..

Henrik Nordstrom
Squid hacker
BENDAYAN J DsigTcs wrote:
> Thanks for the reply.
> Actually, the question was twofold :
> 1/ I cannot explain why the two squid instances do not behave identically
> (one timeouts on idnsCheckQueue and not the other) when all configuration
> files (squid qnd system) are the same. I checked everything by diff'ing
> them.
> 2/ I have effectively used a sequence
> "acl INTRANET1 dst"
> "acl INTRANET2 dst"
> "always_direct allow INTRANET1"
> "always_direct allow INTRANET2"
> "never_direct allow all"
> in squid.conf because I think that, coupled with "cache_peer
> parent 3129 3130 default proxy-only no-netdb-exchange" will do the trick I
> need : ie directly route all INTRANET1/2 requests to the servers, route all
> Internet requests to the peer squid.
> Your suggestions on how to achieve this more efficiently are welcome and
> thanks again.
> -----Message d'origine-----
> De: Henrik Nordstrom []
> Date: lundi 26 mars 2001 16:47
> Cc: ''
> Objet: Re: [squid-users] Why do I have "idnsCheckQueue" timeouts ?
> Something in your squid.conf causes Squid to try to make DNS lookups.
> Possible sources:
> a) http_access using dst ACL type
> b) Improper forwarding setup for a DNS-less child cache
>    never_direct allow all
> --
> Henrik Nordstrom
> Squid hacker
> BENDAYAN J DsigTcs wrote:
> > I cannot explain why the future "production" system gives "idnsCheckQueue"
> > timeouts (the exact message is "idnsCheckQueue : ID xx: giving up after 21
> > tries and y.z seconds" whereas the "test" one doesn't.
> >
> > The only effect of the timeouts is to introduce a delay in serving the
> > requests and it happens only the first time I provide a URL to a "new"
> > domain.
> >
> > We do not use a DNS server on these 2 instances although named runs on
> both.
> > The requests to the Internet are automatically proxied to another squid
> > instance that is behind our firewall and this instance is responsible for
> > name resolution.
> *************************************************************************
> Ce message et toutes les pièces jointes (ci-après le "message") sont
> confidentiels et établis à l'intention exclusive de ses destinataires.
> Toute utilisation ou diffusion non autorisée est interdite.
> Tout message électronique est susceptible d'altération.
> La SOCIETE GENERALE et ses filiales déclinent toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié.
>                                 ********
> This message and any attachments (the "message") are confidential and
> intended solely for the addressees.
> Any unauthorised use or dissemination is prohibited.
> E-mails are susceptible to alteration.
> Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
> *************************************************************************
Received on Mon Mar 26 2001 - 10:47:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:52 MST