Re: [squid-users] Squids trying to resolve hostname of its peers - cluster of 22 Squids 2.6.STABLE21 servers from Amos Jeffries on 2010-02-24 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 25 Feb 2010 10:45:17 +1300

On Wed, 24 Feb 2010 16:45:57 +0000, <Dariusz.Panasiuk_at_synetrix.co.uk>
wrote:
> Hi All,
>
> During analysing DNS traffic from 22 2.6.STABLE21 Squids I have noticed
> that there is a substantial number of queries where Squids try to
resolve
> hostname of its peers. All of the boxes run as independent servers,
without
> shared cache.
>
> My question is why they need IP of others Squids, and where did they get
> hostname of them?
> Servers run only Squid daemon, so there isn't any www or any other extra
> service on them. We use Cisco ACE hardware load balancer, where all of
the
> Squids are represented by 1 IP.
>
> I am attaching below sample of squid.conf:
>
> http_port x.x.x.x:3128
> http_port 127.0.0.1:3128
>
> visible_hostname proxy.xxx.uk.com
> cache_mgr xxx_at_xxx.co.uk
>
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY

no_cache is obsolete. Use: cache deny QUERY

OR.... drop the QUERY bits altogether to cache the portion of dynamic
pages which are cacheable.

<snip>
>
> #----Rewriter/Redirector Parameters---
> #url_rewrite_program /usr/local/netsweeper/bin/redir -f
> http://x.x.x.x:8080/webadmin/deny/unavail.php -P3429 x.x.x.x
> url_rewrite_program /usr/local/netsweeper/bin/pcf_redir.pl
> url_rewrite_children 128
>

Squid will need to lookup all hostnames this script provides it with in
order to determine where the request it to be sent.

<snip>
>
> #----Global ACLs----
> #------- we don't have any of Squids IPs/names in any of ACLs --------#

But you do have ACLs? they do most of the DNS work in Squid.

The config you show don't have any peers. What you have is _sources_ that
Squid will be looking up every time it needs to deliver a request. All it
has to work with is the requested domain name and then later the
URL-rewritten domain name to be looked up instead.

Logging may also be trying to log the client host name. If a request comes
in from one of the other Squid it will be looked up.

Amos
Received on Wed Feb 24 2010 - 21:45:20 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 25 2010 - 12:00:06 MST