[squid-users] squid not liking dnscache for some hosts?

[Jason Haar]

Hi there

We have CentOS-6 servers running the default squid-3.1.10 with dnscache
on 127.0.0.1 as the local dns server. It's been working fine but we've
just had reports that people couldn't reach urls on
dl.dropboxusercontent.com

On the proxy itself, "nslookup dl.dropboxusercontent.com" worked fine -
returning several IP addresses (just like google and all other Cloud
service providers do), but squid returns a 404 on any page in it
(X-Squid-Error: ERR_DNS_FAIL 0). It hangs and sniffing made me think it
was hanging on the DNS lookup part. I then edited /etc/resolv.conf and
pointed at some Microsoft DNS servers we have (which our dnscache just
forwards to anyway) and the problem was solved.

So it looks like dnscache doesn't like dl.dropboxusercontent.com, or
squid doesn't like how dnscache returns that data to it? All I know is
that this all works fine for everything else (ie we haven't had
complaints about any other sites with multiple IP addresses), and works
fine for dig/nslookup, but I can't for the life of me figure out what's
so different about this

Even the cachemgr cgi  "IP Cache" contains dl.dropboxusercontent.com
with only "OK" IP addresses  - even though squid returns "X-Squid-Error:
ERR_DNS_FAIL 0". The only difference between it and other cached hosts
is that it hasn't got a "H" flag like the other hosts do? I even cranked
up debugging, but all that shows up is matching dropboxusercontent.com
against acl lists and NOT getting a match (as expected) - it doesn't
seem to show DNS debugging?

Any ideas? Thanks

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1