RE: RE: Re: [squid-users] Squid 2.7 + SquidGuard + Squidclamav

Well, whichever route you decide to use, Squid in general is _very_ DNS
dependant, so you need to make sure it can access DNS somehow without
any delay or timeouts. Everyone's situation may differ, even from site
to site (branch office to office) within the same company.
Basically, you just need to use BIND's DNS tools to try and figure out
where the problems lie, like whether there is a broken DNS server
somewhere that you are referencing.

>>> <childrenofchaos_at_freenet.de> 4/13/2011 4:40 PM >>>
Hey,

currently it´s configured as: forward to ISP DNS and many more free dns
server like google (8.8.8.8).
Before i setup an own dns (bind) i used only dns proxy:
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT
--to-destination 192.168.0.1:53
and the same with the tcp protokoll. (192.168.0.1 = Router with pppoe
connect and dynamic dns "push" from isp)

than, as the issues occour i setup the bind dns, and now i think the
problems occour much more as before.

The strange thing is, setup runs for a long time without any problems
oO

thanks

> -----Ursprüngliche Nachricht-----
> Von: Chad Naugle
> Gesendet: Mi. 13.04.11 (22:31)
> An: childrenofchaos_at_freenet.de
> Kopie: squid-users_at_squid-cache.org
> Betreff: RE: Re: [squid-users] Squid 2.7 + SquidGuard + Squidclamav
>
> Does your "internal" DNS configuration use the root method, or does
> it
> forward to your ISP's DNS? I've noticed strange behavior (Notably
> DNS
> timeouts) recently with using the "root method" at one of my branch
> offices, and had to ditch it for the ISP "forwarders" ... In my
> case,
> it seemed to have something to do with IPv6 results from the root
> servers, and it was causing BIND to timeout, but the second query of
> the
> same website came back instantly.
>
> >>> 4/13/2011 4:21 PM >>>
> hey,
>
> i did that already :(
> and now i get the same error on my on squid maschine
> can´t see anything in the logfiles
>
> > -----Ursprüngliche Nachricht-----
> > Von: Chad Naugle
> > Gesendet: Mi. 13.04.11 (22:03)
> > An: childrenofchaos_at_freenet.de, squid-users_at_squid-cache.org
> > Betreff: Re: [squid-users] Squid 2.7 + SquidGuard + Squidclamav
> >
> > Personally, I would setup a caching-only instance of BIND on the
> > proxy,
> > and using that for DNS, or using your "internal" DNS system on
your
> > network, rather than depending on an outside source for all of
your
> > DNS.
> >
> > >>> 4/13/2011 3:06 PM >>>
> > Hey,
> >
> > The configuration listet above, runs longer 1 year without an
> probs.
> > Now we get the Squid Message: Timeout - DNS Error.
> >
> > first step i tried: dig google.de from the squid maschine. No
> probs.
> > i saw in the cache.log that all url_rewrite_children are busy, so
i
> > screwd em up from 8 to 16.
> >
> > Okey one Day later: DNS Error, and at this Time, no prob with the
> > url_rewrite_children.
> > now i added some dns Server and the google dns Server (8.8.8.8)
> which
> > should be up, and what i recieved today :/
> > dns Error.
> > After squid restart all works fine, no probles comes up in the
logs
> > (in
> > all logs) but after a day, the messaged blow up again.
> >
> > now i added dns_nameserver in the squid.conf but no idea any more?
> >
> > thanks for spending time on this.
> >
> >
> >
> >
> > ---
> > freenetMail - Der zuverlässige E-Mail-Dienst von freenet.de
> > Jetzt
> > http://mail.freenet.de/produkte/basic/index.html?pid=10111947018
> > mit 1 GB Speicher und Profi-Spamschutz sichern!
> >
> >
> > Travel Impressions made the following annotations
> > -------------------------------------------------------------
> > "This message and any attachments are solely for the intended
> > recipient
> > and may contain confidential or privileged information. If you
are
> > not
> > the intended recipient, any disclosure, copying, use, or
> distribution
> > of
> > the information included in this message and any attachments is
> > prohibited. If you have received this communication in error,
> please
> > notify us by reply e-mail and immediately and permanently delete
> this
> > message and any attachments.
> > Thank you."
> >
> >
> > -----Ursprüngliche Nachricht Ende-----
>
>
>
>
> ---
> freenetMail - Der zuverlässige E-Mail-Dienst von freenet.de
> Jetzt
> http://mail.freenet.de/produkte/basic/index.html?pid=10111947018
> mit 1 GB Speicher und Profi-Spamschutz sichern!
>
>
> Travel Impressions made the following annotations
> -------------------------------------------------------------
> "This message and any attachments are solely for the intended
> recipient
> and may contain confidential or privileged information. If you are
> not
> the intended recipient, any disclosure, copying, use, or
distribution
> of
> the information included in this message and any attachments is
> prohibited. If you have received this communication in error,
please
> notify us by reply e-mail and immediately and permanently delete
this
> message and any attachments.
> Thank you."
>
>
> -----Ursprüngliche Nachricht Ende-----

---
freenetMail - Der zuverlässige E-Mail-Dienst von freenet.de
Jetzt http://mail.freenet.de/produkte/basic/index.html?pid=10111947018
mit 1 GB Speicher und Profi-Spamschutz sichern!
Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information.  If you are not
the intended recipient, any disclosure, copying, use, or distribution of
the information included in this message and any attachments is
prohibited.  If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments.
Thank you."