[squid-users] Bad Connection & Round Robin DNS
Garri Djavadyan
garryd at comnet.uz
Tue Nov 22 17:00:29 UTC 2016
On 2016-11-22 21:07, Jiann-Ming Su wrote:
> Is there a way to set the timeout on a bad connection?
Yes, you can use 'connect_timeout' [1] directive.
> When watching
> tcpdump on the two IPs, I did not see my squid instance try the other
> IP automatically. I had to refresh my web browser connection multiple
> times. This also indicates some DNS caching persistence. Are there
> other DNS settings that can improve this behavior?
I believe Squid is configured for interception in your environment. In
this case DNS resolution is performed on a client side and Squid uses
resolved by the client destination IP address to connect to origin. In
interception mode, Squid performs DNS resolution just to prevent Host
forgery attack [2].
If you configure the clients explicitly, Squid will mark bad IP
addresses and will avoid their use. It this case, you can use
'squidclient mgr:ipcache' [3] to monitor resolved by Squid IP addresses
and their status.
[1] http://www.squid-cache.org/Doc/config/connect_timeout/
[2] http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
[3] http://wiki.squid-cache.org/Features/CacheManager/IpCache
Garri
More information about the squid-users
mailing list