ons 2010-03-10 klockan 21:18 +0100 skrev Stefan Baur:
> > Do the local DNS used by the client promptly reject non-local names?
> Yes it does, that's why the browser's behavior surprised me.
With what kind of response?
dig www.example.com
> Entering the Proxy data directly instead of using the pac file makes the
> browser return the error page immediately, so the DNS server isn't the
> culprit.
That config does not ever use DNS, just the proxy.
> Also, granting the client DNS (same DNS server, only now supplying
> external DNS data as well) and direct web access via the router/firewall
> makes the browser respond immediately, too.
As expected.
My query was how the DNS server reacts on non-local queries when the
client is not authorized ot get external DNS data. None of the above
tests that..
> I also tried to reproduce the issue with wget, not using a pac file (not
> sure if wget would be able to parse one, anyway) but once with
> http_proxy=... set and once with --no-proxy.
> The response via the proxy was faster and returned a 504 Gateway Timeout
> or something like that.
Error response from wget without proxy setting should be pretty instant
if your DNS is properly configured.
> Locking up the entire browser for the time it takes to do three DNS
> queries is simply not acceptable, though.
Agreed. But in this case those DNS queries should just take a ms at
most... all three together.
> I think it's safe to say that neither the DNS server involved, nor squid
> are at fault here - there seems to be some buggy code in the browser.
could be. don't know.
Regards
Henrik
Received on Wed Mar 10 2010 - 22:13:25 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 11 2010 - 12:00:06 MST