RE: [squid-users] Issue related to using Squid 3.1 or 3.29 and accessing a site that uses a recursive DNS record. (30 seconds to bring up site)

From: Duncan, Brian M. <>
Date: Tue, 9 Apr 2013 19:46:46 +0000

>Sorry if I wasn't clear.
>I will try to rephrase the logic.
>I went from the buttom up.
>curl + wget + simple ruby script = slow response.
>notice that this address is a redirection.
>I am unsure now about the dns issue that I have seen this morning.
>The main problem is not the page but the ssl.
>which takes forever...
>it might be a HTTP 1 vs 1.1 issue which is the same for wget + curl + squid.
>leaves the main problems as: dns and service(http 1.1.) problem rather
>then squid.


Thanks for the reply and further clarification,

I still believe the issue I am reporting is specific to DNS and how Squid's internal DNS resolver works.

I forgot to mention if I bypass using the hostname in my test, and enter one of the resolved IP's instead of it is immediate. There is no delay in bringing the page up.

I also tried another variation while testing today, I re-compiled Squid 3.2.9 with --disable-internal-dns and it has different behavior indicating even further that the problem lies within the internal resolver Squid 3.x uses.

When 3.2.9 is compiled with --disable-internal-dns, the first time I access it only takes 15 seconds to come up instead of 30 it took while having the default 3.2.9 internal resolver functioning.

Then subsequent connection attempts to come up instantaneously every time after that. (Switching between different browsers using the 3.2.9 as the proxy server) Indicating the name is cached at that point and not re-queried on my 3.2.9 box. In all my reading I think I recall reading somewhere that when using external DNS resolution with squid that it can wind up ignoring TTL on records. In this case the record TTL is only 5 seconds right now, so I know it is ignoring the TTL. If I restart squid, it will take 15 seconds to resolve it the 1st time.

CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue
Service, any tax advice contained herein is not intended or written to be used and cannot be used
by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
This electronic mail message and any attached files contain information intended for the exclusive
use of the individual or entity to whom it is addressed and may contain information that is
proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or
distribution of this information may be subject to legal restriction or sanction. Please notify
the sender, by electronic mail or telephone, of any unintended recipients and delete the original
message without making any copies.
NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has
elected to be governed by the Illinois Uniform Partnership Act (1997).
Received on Tue Apr 09 2013 - 19:46:56 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 10 2013 - 12:00:05 MDT