[squid-users] DNS round-robin behaviour

[Alex Rousskov]

On 2025-07-11 05:54, paolo.prinx at gmail.com wrote:

> how does Squid behave when it receives a DNS 
> response containing multiple IP addresses? Does it pick a random one in 
> the list, or does it stick to a certain order?

Modern Squids usually use the first received IPv4 address for all 
transactions going to the corresponding host. Other received IPv4 
addresses are used (in the order they were received, wrapping up in a 
round-robin fashion) only if the current address is marked as "bad" due 
to errors when trying to establish a TCP connection to that host.

The same is true for received IPv6 addresses.

When both IPv4 and IPv6 addresses were received prior to the connection 
opening attempt, the first received address is used in error-free cases. 
Squid sends DNS A query immediately followed by a DNS AAAA query (where 
supported), so there may be bias towards IPv4 addresses if answers to 
DNS queries usually come in the order the queries were sent.


> In our config, we have squid pointing to a pool of dnsdist resolvers, 
> that implement a local packet cache with a 300-second TTL. We are seeing 
> unbalanced traffic distributions, was wondering if there is anything we 
> should configure on the Squid side, or if we should instead look to 
> change the responses returned by the DNS resolver.

I would not try to balance load using DNS. If you want to do it using 
Squid, then using round-robin or a similar cache_peer selection method 
may be worth investigating/testing.


HTH,

Alex.