On 21/04/2012 12:47 a.m., anita wrote:
Hi Amos,

I intend to use Squid for a satellite based communication network.
A child squid on one end will talk to the parent squid on the other end.

My understanding was that for every HTTP request that does not have an IP but
a name instead, the child squid will do a DNS lookup if it is a miss in its
cache before sending it to the parent. As the DNS lookup will be expensive,
and will cause considerable delay (plus inherent delay due to satellite
networks), I had planned to accumulate some of the DNS lookups from the
parent over time and push them over to the child in the background. This way
the child squid will not have to do a DNS lookup but it will be present in
its ipcache itself.

But when I tried it out in a small setup, it looked to me that the child
squid does not seem to do any lookups for the requested URL (it does only
for the PARENT) if the object is not found in its cache. Instead it simply
forwards it to the parent and the parent squid does the lookup.
Can you please confirm whether my understanding is correct? Thanks.



That test result is correct.

The cache is indexed by textual-URL and the TCP connection to the parent proxy is set up explicitly by cache_peer. If you have cache_peer set up with an IP address, or the peer's configured FQDN in your child proxy's /etc/hosts file, there is no DNS lookup needed for HTTP relaying.

Which leaves only Host: / same-origin validation if you are intercepting traffic. Or dst* ACLs being checked without the relevant domain or IP details being in the URL.


NP: pulling the DNS from parent to child will not help much. Squid obeys the DNS TTL values and the records need to be in the child before the first request makes use of them or a DNS lookup will happen anyway.

If you or anyone wants to play around with this... Squid built with --disable-internal-dns makes use of a helper query instead of DNS packets. A default helper is bundled that uses the system resolver, but you can write a custom one with whatever system you like to supply Squid with DNS results.

Amos
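
A child-proxy squid.conf sketch of the setup described in the reply above, added here as an example and not part of the original thread. The address 192.0.2.10, the hostname parent.example.net, the port numbers and the ACL names are assumptions.

```conf
# Child proxy squid.conf (constructed example; addresses and names are placeholders)

# Peer named by IP address: no DNS lookup is needed to reach the parent.
# no-query disables ICP probes to the peer.
cache_peer 192.0.2.10 parent 3128 0 no-query default

# Alternative: name the parent by FQDN and pin it in the child's /etc/hosts:
#   192.0.2.10  parent.example.net
# cache_peer parent.example.net parent 3128 0 no-query default

# Send every miss to the parent instead of the origin server, so the child
# never has to resolve an origin hostname in order to connect.
never_direct allow all

# dstdomain matches the hostname text in the URL, so no lookup is involved.
acl blocked_sites dstdomain .example.org
http_access deny blocked_sites

# Avoid on the child: a dst ACL needs the destination IP, so a URL that
# carries a hostname triggers a DNS lookup when the ACL is checked.
# acl blocked_nets dst 203.0.113.0/24
# http_access deny blocked_nets
```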
