[squid-users] dns children setting breaks my squid.conf

Amos Jeffries squid3 at treenet.co.nz
Mon Jul 18 04:47:00 UTC 2016


On 18/07/2016 12:21 p.m., B. Henry wrote:
> Here is what I have in my working squid.conf related to dns.
> Note that the dns children entry is commented out as when I try and use any value this breaks things and I can't use the server at all.
> 
> positive_dns_ttl 3 hours
> 

Best Practice for DNS is servers should use a TTL of 24hrs. Squid
default is already reducing that to 6hrs.

> 
> #dns_children 7
> 

That setting requires that you have built Squid to use a custom DNS
plugin instead of doing DNS the normal way.

If you have the default Ubuntu package, like I suspect you do, then Squid
is built to use DNS the normal way.


> dns_timeout 90 seconds
> 
> #dns_nameser 208.67.222.2224.2.2.4
>  

Two problems with this one:

 * "dns_nameser" is not an existing directive.

 * "208.67.222.2224.2.2.4" is not an IP address, despite the dots.

Note that if you *don't* list the dns_nameservers directive, then your
machine's normal /etc/resolv.conf settings are used by Squid instead of
any other DNS settings you might have.

Using /etc/resolv.conf is really the best way to go as it allows your
network's auto-configuration to set up Squid properly with whatever the
local DNS systems are supposed to be using.


> This is squid 3.1.19 on ubuntu 12.04 64bit server. It's an openvz vps, not baremetal if that counts for anything.
> 
> It uses two other google dns servers actually, so I defined the proxy to use an opendns and one google dns server, same ones I usually use on my local hardware.

Best Practice is to set up a local DNS recursive resolver, so all your
systems can use it. That resolver can use the Google, Open DNS resolvers
if you want. This ensures that regardless of where the results came from
they are consistent across your network. That consistency becomes a
critical need if you do interception with Squid.

Amos
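
The following is an added example, not part of the original message and not Squid's own code: a small pre-deployment check for the DNS lines of a squid.conf that catches the two mistakes pointed out above (a misspelled directive name and a nameserver value that is not an IP address) and flags dns_children. The set of known directives is an assumption limited to the names appearing in this thread, and the sample configuration is constructed from the lines quoted above with the comment markers removed.

```python
import ipaddress

# Assumption: only the DNS directives named in this thread. Extend this set
# from the documentation of the Squid version you actually run.
KNOWN_DNS_DIRECTIVES = {
    "positive_dns_ttl", "dns_children", "dns_timeout", "dns_nameservers",
}

# Constructed sample: the thread's lines, uncommented, plus one valid
# dns_nameservers line using documentation-range addresses.
SAMPLE = """\
positive_dns_ttl 3 hours
dns_children 7
dns_timeout 90 seconds
dns_nameser 208.67.222.2224.2.2.4
dns_nameservers 208.67.222.2224.2.2.4
dns_nameservers 192.0.2.53 2001:db8::53
"""

def check_dns_directives(conf_text):
    """Return a list of (line_number, message) for DNS-related lines."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        name, *args = line.split()
        if "dns" not in name:                  # only DNS-related directives
            continue
        if name not in KNOWN_DNS_DIRECTIVES:
            findings.append((number, f"unknown directive: {name}"))
        elif name == "dns_children":
            # Per the reply above: needs a build using a custom DNS plugin.
            findings.append((number, "dns_children needs a custom DNS plugin build"))
        elif name == "dns_nameservers":
            if not args:
                findings.append((number, "dns_nameservers has no addresses"))
            for arg in args:
                try:
                    ipaddress.ip_address(arg)  # accepts IPv4 and IPv6
                except ValueError:
                    findings.append((number, f"not an IP address: {arg}"))
    return findings

if __name__ == "__main__":
    for number, message in check_dns_directives(SAMPLE):
        print(f"line {number}: {message}")
```

A clean run here does not replace Squid's own parser; it only catches these specific mistakes before the file reaches the server.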


