Re: [squid-users] Long timeout problem

From: Jonathan Pauli <jpauli@dont-contact.us>
Date: Fri, 17 Mar 2006 14:15:46 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just added google.co to /etc/hosts on the squid machine and did a
squid -k reconfigure. Browsers still become unresponsive for about 5
minutes when going to a non existent domain including google.co But
if I go to say, google.com/randomthinger___ it returns an error
right away. This is what leads me to believe it is a DNS issue.
Bind-tools lookups using dig or nslookup (free BSD 6 OS) work fine.
 Squid is configured to use internal dns. I intend to test it with
external DNS this weekend. I believe I read that

I attempted to telnet to 3128 on the box and manually issue an HTTP
get to see if maybe the www browser has some kind of issue. I used:

telnet squid 3128

GET http://www.google.com/index.html HTTP/1.1

But we use authentication and I don't know how to supply credentials
via telnet (maybe someone here does). I'm guessing that to avoid
sending a password in clear text there is some complexity involved
here. I don't have time now, but perhaps this weekend I will try
writing a web client in Perl which uses the proxy...I think there is
a CPAN module for this. I'm not sure if this will help, as browsers
do not exhibit this behavior when not using the proxy.

Here are the dns stats:

The Queue:
                       DELAY SINCE
  ID SIZE SENDS FIRST SEND LAST SEND
- ------ ---- ----- ---------- ---------

Nameservers:
IP ADDRESS # QUERIES # REPLIES
- --------------- --------- ---------
127.0.0.1 45 45
4.2.2.2 0 0

Rcode Matrix:
RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3
    0 96058 3 1
    1 0 0 0
    2 17 14 13
    3 572 0 0
    4 0 0 0
    5 0 0 0

After a bad request I do indeed see a corresponding TCP_MISS/503
error in the access.log file.

I guess I would be really suprised if our network is so unique that
no one else has seen this type of problem :P

If there is any other diagnostic output or debug info that I can
provide to help with this I will do so, but I don't know what is
relevant.

Thanks again,

- -Jonathan

Mark Elsen wrote:
>>
>> We are using Squid 2.5.12_1 to proxy www traffic. When a user with
>> IE or the latest Firefox from a Windows XP pro machine types a
>> domain that does not exist such as google.co the browser hangs for
>> several minutes before returning a squid error message to the effect
>> of 'this domain cannot be resolved'
>>
>> Is this a DNS timeout issue that can be changed in the squid config?
>>
>
> - Checkout the DNS stat's in squid's Cachemgr ; watchout for
> potential problems in there.
>
> M.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEGxjyT9O5WJm10e8RAor5AJ9MeYOfa7nZ4nKeznl4Av3SD6AhtACfSEwu
bx3fY0pJfuX3Utn8SFP1gmg=
=wLuZ
-----END PGP SIGNATURE-----
Received on Fri Mar 17 2006 - 13:15:58 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST