RE: [squid-users] cache_peer using DNS name
I don't have IPv6 capability, but on this test system I just did a quick install and Squid does have the default IPv6 setup as does the O/S (FreeBSD 7.2). I will recompile with --disable-ipv6 and see if the problem goes away. Not sure if they have a record for the hostname, I get a server fail response when trying against the DNS servers I have configured on the system. The Bind DNS servers I am hitting do have IPv6 disabled. I have recompiled Squid with the --disable-ipv6 option and set my cache_peer line back to the domain name. I will let you know if this resolves the problem, after the new configuration is running long enough to know. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, March 31, 2010 5:17 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] cache_peer using DNS name Henrik Nordström wrote: ons 2010-03-31 klockan 14:41 -0500 skrev Dean Weimer: I found it listed in 3.0PRE3 bugs, here is the link that I found, it is listed as fixed. And it is fixed. That was a typo which made Squid always use the name= instead of the host when figuring out how to connect to the peer. Obvious error, and long time gone (fixed in 2003, long before 3.0 was released in 2007). Does the peer have records and you have no IPv6 connectivity? This looks like one of the effects of our failover bug. Compounded by the fact the peer name is looked up so often. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
RE: [squid-users] cache_peer using DNS name
tor 2010-04-01 klockan 09:53 -0500 skrev Dean Weimer: I don't have IPv6 capability, but on this test system I just did a quick install and Squid does have the default IPv6 setup as does the O/S (FreeBSD 7.2). I will recompile with --disable-ipv6 and see if the problem goes away. Not sure if they have a record for the hostname, I get a server fail response when trying against the DNS servers I have configured on the system. Or are you saying you get a server failure response if you try to look up records for the peer, but A lookups works fine? Regards Henrik
RE: [squid-users] cache_peer using DNS name
I have not ran into the problem since disabling the IPv6 this morning, using the DNS name for the chace_peer with the name= option set on the line. Looks like you got it right Amos, thanks a bunch for your help. Dean -Original Message- From: Dean Weimer [mailto:dwei...@orscheln.com] Sent: Thursday, April 01, 2010 9:54 AM To: Amos Jeffries; squid-users@squid-cache.org Subject: RE: [squid-users] cache_peer using DNS name I don't have IPv6 capability, but on this test system I just did a quick install and Squid does have the default IPv6 setup as does the O/S (FreeBSD 7.2). I will recompile with --disable-ipv6 and see if the problem goes away. Not sure if they have a record for the hostname, I get a server fail response when trying against the DNS servers I have configured on the system. The Bind DNS servers I am hitting do have IPv6 disabled. I have recompiled Squid with the --disable-ipv6 option and set my cache_peer line back to the domain name. I will let you know if this resolves the problem, after the new configuration is running long enough to know. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, March 31, 2010 5:17 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] cache_peer using DNS name Henrik Nordström wrote: ons 2010-03-31 klockan 14:41 -0500 skrev Dean Weimer: I found it listed in 3.0PRE3 bugs, here is the link that I found, it is listed as fixed. And it is fixed. That was a typo which made Squid always use the name= instead of the host when figuring out how to connect to the peer. Obvious error, and long time gone (fixed in 2003, long before 3.0 was released in 2007). Does the peer have records and you have no IPv6 connectivity? This looks like one of the effects of our failover bug. Compounded by the fact the peer name is looked up so often. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
RE: [squid-users] cache_peer using DNS name
Good, now please file a bug report recording your findings. http://bugs.squid-cache.org/ tor 2010-04-01 klockan 15:37 -0500 skrev Dean Weimer: Yes that is correct. Just before seeing this I sent another message, with IPv6 disabled I am not having any problems using the DNS name and the name= option. -Original Message- From: Henrik Nordström [mailto:hen...@henriknordstrom.net] Sent: Thursday, April 01, 2010 3:35 PM To: Dean Weimer Cc: Amos Jeffries; squid-users@squid-cache.org Subject: RE: [squid-users] cache_peer using DNS name tor 2010-04-01 klockan 09:53 -0500 skrev Dean Weimer: I don't have IPv6 capability, but on this test system I just did a quick install and Squid does have the default IPv6 setup as does the O/S (FreeBSD 7.2). I will recompile with --disable-ipv6 and see if the problem goes away. Not sure if they have a record for the hostname, I get a server fail response when trying against the DNS servers I have configured on the system. Or are you saying you get a server failure response if you try to look up records for the peer, but A lookups works fine? Regards Henrik
[squid-users] cache_peer using DNS name
I am working on testing a hosted web filter solution, this involves chaining our internal squid proxy to the hosted web filter proxy server. I was seeing very poor performance and found several TCP connection to filters.dnsdomainname.com/8081 failed entries in the log. I discovered that changing he line to the IP address stopped this problem. Further searching found a bug in 3.0 where using a DN name for a parent and the name= option on a chace_peer line caused it to try and lookup the name= value instead of the DNS name. I went back and removed the name= option and set or line back to the DNS domain name. TCP connection errors are gone now. I am running version 3.1.1 here is the relevant part of the configuration. always_direct allow nonfilter never_direct allow all # Original Configuration, appears to work sometimes, but frequent connection errors # cache_peer filters.dnsdomainname.com parent 8081 0 name=webfilter no-query default login=PASS no-digest connect-timeout=10 connection-auth=on ## Second Try, works, but need to use DNS name in case they change their IP ## cache_peer 192.168.1.1 parent 8081 0 name=webfilter no-query default login=PASS no-digest connect-timeout=10 connection-auth=on ### Third try works, and is acceptable, but would be easier if I could use the name= option cache_peer filters.dnsdomainname.com parent 8081 0 no-query default login=PASS no-digest connect-timeout=10 connection-auth=on Everything works this way, but I thought I would throw this out there, in case someone else is struggling with the same problem. Thanks, Dean Weimer Network Administrator Orscheln Management Co
Re: [squid-users] cache_peer using DNS name
ons 2010-03-31 klockan 12:25 -0500 skrev Dean Weimer: I am working on testing a hosted web filter solution, this involves chaining our internal squid proxy to the hosted web filter proxy server. I was seeing very poor performance and found several TCP connection to filters.dnsdomainname.com/8081 failed entries in the log. I discovered that changing he line to the IP address stopped this problem. Further searching found a bug in 3.0 where using a DN name for a parent and the name= option on a chace_peer line caused it to try and lookup the name= value instead of the DNS name. I went back and removed the name= option and set or line back to the DNS domain name. TCP connection errors are gone now. Very Odd.. is there an open bug report on this? I don't see any trace of this happening from reading the sources. There is a very clear distinction between host and name. Regards Henrik
RE: [squid-users] cache_peer using DNS name
I found it listed in 3.0PRE3 bugs, here is the link that I found, it is listed as fixed. http://ftp.isu.edu.tw/pub/Unix/Proxy/Squid/Versions/v3/3.0/bugs/index.html#squid-3.0.PRE3-accel_cache_peer_name However, this exact problem was occurring I would have never gotten out, I discovered since taking the name= option off that it was apparently just occurring less often. Maybe just a coincidence, that it got better when I changed it. I have changed the rule back to IP address to see if it continues without error over a longer period of time. I have ruled out any network connection problems being the cause (at least on my end). Let me know if there is any debug options I should enable to give you more information. -Original Message- From: Henrik Nordström [mailto:hen...@henriknordstrom.net] Sent: Wednesday, March 31, 2010 2:24 PM To: Dean Weimer Cc: squid-users@squid-cache.org Subject: Re: [squid-users] cache_peer using DNS name ons 2010-03-31 klockan 12:25 -0500 skrev Dean Weimer: I am working on testing a hosted web filter solution, this involves chaining our internal squid proxy to the hosted web filter proxy server. I was seeing very poor performance and found several TCP connection to filters.dnsdomainname.com/8081 failed entries in the log. I discovered that changing he line to the IP address stopped this problem. Further searching found a bug in 3.0 where using a DN name for a parent and the name= option on a chace_peer line caused it to try and lookup the name= value instead of the DNS name. I went back and removed the name= option and set or line back to the DNS domain name. TCP connection errors are gone now. Very Odd.. is there an open bug report on this? I don't see any trace of this happening from reading the sources. There is a very clear distinction between host and name. Regards Henrik
RE: [squid-users] cache_peer using DNS name
ons 2010-03-31 klockan 14:41 -0500 skrev Dean Weimer: I found it listed in 3.0PRE3 bugs, here is the link that I found, it is listed as fixed. And it is fixed. That was a typo which made Squid always use the name= instead of the host when figuring out how to connect to the peer. Obvious error, and long time gone (fixed in 2003, long before 3.0 was released in 2007). Regards Henrik
Re: [squid-users] cache_peer using DNS name
Henrik Nordström wrote: ons 2010-03-31 klockan 14:41 -0500 skrev Dean Weimer: I found it listed in 3.0PRE3 bugs, here is the link that I found, it is listed as fixed. And it is fixed. That was a typo which made Squid always use the name= instead of the host when figuring out how to connect to the peer. Obvious error, and long time gone (fixed in 2003, long before 3.0 was released in 2007). Does the peer have records and you have no IPv6 connectivity? This looks like one of the effects of our failover bug. Compounded by the fact the peer name is looked up so often. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1