[squid-users] Memory leak

FUSTE Emmanuel emmanuel.fuste at thalesgroup.com
Mon Aug 21 09:33:33 UTC 2017


On 19/08/2017 at 22:08, Eliezer Croitoru wrote:
> Hey Emmanuel,
>
> Something is not clear to me.
> Are you using url_rewrite or store_id helpers in any form?
No
> Also what DNS lookups squid does exactly?
> - Reverse
> - Forward
Mostly forward
>
> Also:
> - internal clients
> - external domains
External domains.

For the record, below is the original report, and the reply of Amos:

> Hello,
>
> I'm in a context where I have a lot of Squid installations without direct
> internet access.
> All queries are forwarded to an Internet connected peer.
>
> Recently, I migrate my old 2.x Squid to 3.x and take responsibility for
> some other 3.x existing installations.
> - my Debian based Squid 3.4.8 start doing DNS request for each requested
> domain
> - Ubuntu 14.04 based Squid 3.3.8 behave the same
> - Ubuntu 16.04 based Squid 3.5.12 behave the same
> The internal DNS setup is completely private with its own hierarchy and
> with no Internet link/relation.
> Internet "like" request are banned on this infrastructure and could
> raise alarms.
>
> On the Ubuntu installations, the problem was worked around with a local
> nsd daemon responsible to answer "nxdomain" to all requests.
>
> All was carefully checked and nothing in my configuration (acl etc ...)
> explain why Squid insist to do DNS requests for requests forwarded to
> the peer(s).
>
> I was able to reproduce the "bug" with all squid versions up to 3.5.23
> with this minimalist config test file:
> ----------------------------
> http_access allow all
>
> http_port 3128
> cache_peer 10.xx.xx.xx parent 8000 0 default no-query no-digest login=login:password
> never_direct allow all
>
> cache_mem 256 MB
> maximum_object_size_in_memory 16384 KB
> cache_dir aufs /var/spool/squid3 100000 32 256
> maximum_object_size 400 MB
> access_log stdio:/var/log/squid/access.log squid
>
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
> quick_abort_pct 55
> read_ahead_gap 128 KB
> hosts_file none
> coredump_dir /var/spool/squid3
>
> #bug #4575
> url_rewrite_extras XXX
> store_id_extras XXX
> ------------------------------------
>
> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
> work around (I switched directly from 3.5.12 to 3.5.19 so I don't know
> when the behavior changed):
> Instead of installing a fake local DNS server and using
> dns_nameservers 127.0.0.1
> I could use
> dns_nameservers none
> Squid warn about non usable DNS and proceed normally. Before (tested
> with 3.5.12 and lower) Squid hang.
>
> So, I am missing something ? Is it a known problem ?
> With the work around, things work but I could not logs things based on
> Internal DNS for the client side, and this is something that was working
> in the old 2.x versions.
> Should I open a bug report ?
>
> Thank you,
> Emmanuel.

> On 24/01/2017 3:58 a.m., FUSTE Emmanuel wrote:
>> All was carefully checked and nothing in my configuration (acl etc ...)
>> explain why Squid insist to do DNS requests for requests forwarded to
>> the peer(s).
>>
> <snip>
>> #bug #4575
>> url_rewrite_extras XXX
>> store_id_extras XXX
> I don't think that workaround is working.
>
>> ------------------------------------
>>
>> Since the switch from 3.5.12 to 3.5.19/23, I am able to use a simpler
>> work around (I switched directly from 3.5.12 to 3.5.19 so I don't know
>> when the behavior changed):
>> Instead of installing a fake local DNS server and using
>> dns_nameservers 127.0.0.1
>> I could use
>> dns_nameservers none
>> Squid warn about non usable DNS and proceed normally. Before (tested
>> with 3.5.12 and lower) Squid hang.
>>
>   nice.
>
> I'm pretty sure this is still bug 4575. I've added a comment there to
> mention how the workaround is broken, and your improved one.
>
> Amos
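
The check below is an added example, not part of the thread and not Squid project code: it classifies a peer-only squid.conf by the DNS behaviour reported above for each dns_nameservers setting and Squid version. The function names and status strings are this example's own; the sample config is trimmed from the test file in the original report.

```python
# Added example, not from the thread. Status names are this example's own.
LOOPBACK = {"127.0.0.1", "::1"}

def parse_squid_conf(text):
    """Map each directive to the list of its argument lists; skip comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit_dns(text, version):
    """Classify DNS behaviour of a peer-only config for a Squid version tuple."""
    conf = parse_squid_conf(text)
    has_parent = any(len(a) > 1 and a[1] == "parent" for a in conf.get("cache_peer", []))
    if not has_parent or ["allow", "all"] not in conf.get("never_direct", []):
        return "not-peer-only"
    servers = [s for args in conf.get("dns_nameservers", []) for s in args]
    if not servers:
        return "leaks-to-system-resolver"   # lookups go to the system resolver
    if servers == ["none"]:
        if version <= (3, 5, 12):
            return "none-hangs"             # hang reported on 3.5.12 and lower
        if version >= (3, 5, 19):
            return "none-ok"                # warns, then proceeds normally
        return "none-untested"              # 3.5.13 to 3.5.18: not covered by the thread
    if set(servers) <= LOOPBACK:
        return "needs-local-stub"           # e.g. nsd answering NXDOMAIN
    return "queries-listed-servers"

# Trimmed from the test file in the post; 10.xx.xx.xx is the post's own placeholder.
BASE = """\
http_access allow all
http_port 3128
cache_peer 10.xx.xx.xx parent 8000 0 default no-query no-digest login=login:password
never_direct allow all
hosts_file none
#bug #4575
url_rewrite_extras XXX
"""

if __name__ == "__main__":
    for extra in ("", "dns_nameservers 127.0.0.1\n", "dns_nameservers none\n"):
        for ver in ((3, 5, 12), (3, 5, 23)):
            print(repr(extra.strip()), ver, audit_dns(BASE + extra, ver))
```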



