[squid-users] [ext] Re: dns_nameservers directive
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Oct 5 13:59:52 UTC 2022
* Alex Rousskov <rousskov at measurement-factory.com>:
> > But... monitoring reported dns_query_time rose to about 8000ms,
Sorry, 18000ms :)
> Disclaimer: My response below is based on quick code analysis without any
> tests. It ignores many complications, including two DNS query types for each
> name (A and AAAA) and chasing dns_defnames after NXDOMAIN.
>
> Squid dns_timeout does not control when Squid sends a query to the second
> DNS nameserver. It controls when Squid completely gives up on trying to
> resolve a name. Such resolution failures often lead to transaction
> forwarding errors.
OK!
> The time[out] gap between two repeated DNS queries within one resolution
> attempt is controlled by dns_retransmit_interval (including its exponential
> back-off algorithm). See below for more details.
Ah, I see.
> Not yet AFAICT: Today, Squid starts with the first nameserver and uses the
> second nameserver only when the first query fails (including
> dns_retransmit_interval timeouts). If there is enough time (see dns_timeout)
> and there are only two DNS nameservers configured, then Squid will use the
> first nameserver again (for the same resolution attempt) if the second
> query/nameserver fails, and so on (i.e. a round robin scan across all
> configured nameservers that always starts with the first nameserver).
>
> Thus, if I am reading the code correctly, an unresponsive first nameserver
> will cripple your Squid even if the second nameserver is perfectly healthy
> :-(.
Yes, that's what I observed here :)
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt at charite.de
https://www.charite.de
More information about the squid-users
mailing list