[squid-users] Anyone has experience with Windows clients DNS timeout

ngtech1ltd at gmail.com ngtech1ltd at gmail.com
Sat Jan 2 16:23:35 UTC 2021


Hey Amos,

For an INTERCEPT setup we still need to resolve before squid is touching the packets.
There are registry keys for this purpose however we first need to identify this issue.
The basic way to verify this is using the "set debug" on nslookup and use a fully "cold" DNS recurser.

I was thinking about writing some PowerShell script that will do that but for now it's not really important.
More important then that is a good sysadmin.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Zoom: Coming soon




-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Wednesday, December 30, 2020 6:15 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Anyone has experience with Windows clients DNS timeout

On 30/12/20 9:02 am, NgTech LTD wrote:
> I have seen this issue on Windows clients over the past.
> Windows nslookup shows that the query has timed out after 2 seconds.
> On Linux and xBSD I have researched this issue and have seen that:
> the DNS server is doing a recursive lookup and it takes from 7 to 10++
> seconds sometimes.
> When I pre-warn the DNS cache and the results are cached it takes
> lower then 500 ms for a response to be on the client side and then
> everything works fine.
> 
> I understand that Windows DNS client times out..
> When using froward proxy with squid or any other it works as expected
> since the DNS resolution is done on the proxy server.
> However for this issue I believe that this timeout should be increased
> instead of moving to DNS over HTTPS.


The DNS timeout in Squid is 30sec for exactly this type of reason. 2 
seconds is far too short to *guarantee* a recursive resolver is able to 
perform all the work and many round-trip lookups that are needed.

Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list