[squid-users] Squid not failing over to secondary DNS host

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 12 04:53:15 UTC 2017


On 12/10/17 15:04, Geoffrey wrote:
> Hello folks,
> 
> I am finding that Squid will not use the secondary DNS if the first
> one is taken offline. In this case the primary DNS is not able to
> respond because I have taken it offline, and therefore the secondary
> DNS should be queried by squid, but is not.
> 

How are you determining that exactly?
  squid logs? DNS logs? firewall counters? packet traces?


> I have 2 Windows recursive DNS servers; 192.168.100.249 and
> 192.168.100.248, that are statically specified in /etc/resolv.conf. I
> am authenticating against AD using i) Kerberos and ii) NTLM.
> 
> This looks like it is a Squid internal dns client response rather than
> operating system. While 192.168.100.249 is offline, all other queries
> done by command-line queries work OK which indicates the system is
> using the secondary DNS server fine… just not Squid!
> 
> What we want to happen of course is that if the primary
> (192.168.100.249) is down or it cannot contact root DNS servers, then
> it contacts the secondary nameserver specified on the LAN (as per the
> configuration in resolv.conf) and resolves the name.
> 
> *Squid is SUCCESSFULLY reading resolv.conf as proved in cache.log after reload
> *Setting dns resolvers directly in the squid config file with
> 'dns_nameservers' does not resolve the issue as the symptom is
> identical
> *modified squid dns timeouts to a low value (less than 10 secs) for
> testing but made no difference
> 
> Many thanks for any ideas you may have.


What does the cachemgr "idns" report say?


command line:
   squidclient mgr:idns

or URL:
   http://$(visible_hostname):3128/squid-internal-mgr/idns


Amos

