[squid-users] Bad Connection & Round Robin DNS

Garri Djavadyan garryd at comnet.uz
Tue Nov 22 17:00:29 UTC 2016


On 2016-11-22 21:07, Jiann-Ming Su wrote:
> Is there a way to set the timeout on a bad connection?

Yes, you can use the 'connect_timeout' [1] directive.


> When watching
> tcpdump on the two IPs, I did not see my squid instance try the other
> IP automatically.  I had to refresh my web browser connection multiple
> times.  This also indicates some DNS caching persistence.  Are there
> other DNS settings that can improve this behavior?

I believe Squid is configured for interception in your environment. In 
this case DNS resolution is performed on the client side and Squid uses 
the destination IP address resolved by the client to connect to the 
origin. In interception mode, Squid performs DNS resolution just to 
prevent Host forgery attacks [2].

If you configure the clients explicitly, Squid will mark bad IP 
addresses and will avoid their use. In this case, you can use 
'squidclient mgr:ipcache' [3] to monitor the IP addresses resolved by 
Squid and their status.


[1] http://www.squid-cache.org/Doc/config/connect_timeout/
[2] http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
[3] http://wiki.squid-cache.org/Features/CacheManager/IpCache

Garri
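
The difference between the two modes described in the reply above, as an added example that is not part of the original message and not Squid's own code. It is a simplified model: the function names, the PROXY_DNS table and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the proxy's own DNS view of a round-robin name.
PROXY_DNS = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}

def resolve(host):
    """Offline stand-in for the proxy's resolver (hypothetical helper)."""
    name = host.lower().rstrip(".")
    return [ipaddress.ip_address(a) for a in PROXY_DNS.get(name, [])]

def host_only(header_value):
    """Drop an optional :port from a Host header value, including [v6]:port."""
    v = header_value.strip()
    if v.startswith("["):
        return v[1:v.index("]")]
    return v.rsplit(":", 1)[0] if v.count(":") == 1 else v

def intercepted(host_header, client_dst):
    """Interception: the destination is whatever address the client dialled.
    DNS is consulted only to check that the Host header matches it."""
    dst = ipaddress.ip_address(client_dst)
    host = host_only(host_header)
    try:
        candidates = [ipaddress.ip_address(host)]  # Host header is an IP literal
    except ValueError:
        candidates = resolve(host)
    return {"connect_to": str(dst), "host_verified": dst in candidates}

def explicit(host_header, marked_bad=()):
    """Explicit proxy: the proxy resolves the name itself and can skip
    addresses it has marked bad."""
    bad = {ipaddress.ip_address(a) for a in marked_bad}
    for addr in resolve(host_only(host_header)):
        if addr not in bad:
            return str(addr)
    return None  # every known address is marked bad

if __name__ == "__main__":
    # Client dialled .10; in interception the proxy has no say in that choice.
    print(intercepted("www.example.com", "192.0.2.10"))
    # Host header names a site the dialled address does not belong to.
    print(intercepted("www.example.com:80", "198.51.100.7"))
    # Explicit mode: .10 is marked bad, so the other record is used.
    print(explicit("www.example.com", marked_bad=["192.0.2.10"]))
```

In the intercepted case the connect address never changes, which is why no failover to the second round-robin address appears in tcpdump until the client itself picks it.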

