Re: [squid-users] DNS Problems

From: Merton Campbell Crockett <mcc@dont-contact.us>
Date: Fri, 13 Feb 2004 15:14:15 -0800 (PST)

The problem with IBM and HP was discussed several weeks ago although it
may have been on a list other than Squid-Users. Regardless, its the
length of the response that is being returned. If your firewall policy is
too restrictive with regard to DNS queries, you will not be able to
resolve IBM or HP domain names. The DNS responses are somewhere in the
range of 600 to 900.

Merton Campbell Crockett

On Fri, 13 Feb 2004, Duane Wessels wrote:

>
>
>
> On Fri, 13 Feb 2004, Stephen J. McCracken wrote:
>
> > Squid Cache: Version 2.5.STABLE4-20040211
> >
> > Could someone please give me a pointer for the following DNS problems?
> >
> > On startup cache.log reports:
> >
> > 2004/02/13 16:20:27| Starting Squid Cache version 2.5.STABLE4-20040211
> > for i686-pc-linux-gnu...
> > 2004/02/13 16:20:27| Process ID 25708
> > 2004/02/13 16:20:27| With 32768 file descriptors available
> > 2004/02/13 16:20:27| Performing DNS Tests...
> > 2004/02/13 16:20:27| Successful DNS name lookup tests...
> > 2004/02/13 16:20:27| DNS Socket created at 0.0.0.0, port 33116, FD 4
> > 2004/02/13 16:20:27| Adding nameserver x.x.x.x from /etc/resolv.conf
> > 2004/02/13 16:20:27| Adding nameserver x.x.x.x from /etc/resolv.conf
> > 2004/02/13 16:20:27| helperOpenServers: Starting 6 'adzapper' processes
> > 2004/02/13 16:20:28| helperOpenServers: Starting 7 'ntlm_auth' processes
> >
> > I try to browse somewhere and get:
> >
> > The following error was encountered:
> >
> > Unable to determine IP address from host name for www.ibm.com
> > The dnsserver returned:
> >
> > No DNS records
> >
> > But on the proxy box itself get:
> >
> > -bash-2.05b$ host www.ibm.com
> > www.ibm.com has address 129.42.20.99
> > www.ibm.com has address 129.42.21.99
> > www.ibm.com has address 129.42.16.99
> > www.ibm.com has address 129.42.17.99
> > www.ibm.com has address 129.42.18.99
> > www.ibm.com has address 129.42.19.99
>
> Thats odd indeed. It might be helpful if you can run
> # tcpdump -v -s 1500 -n port domain
> while you make the HTTP request. Then we can see the contents of
> the answer from your DNS server.
>
> You might also try reconfiguring with --disable-internal-dns as a workaround.
>
> Also note that the 2.5.STABLE4 versions after Nov 2003 have a bug
> with the IP cache. I don't think it can cause the problem you're
> seeing, but you might want to stick with the last official stable
> release, or apply the patch given in
> http://www.squid-cache.org/bugs/show_bug.cgi?id=891
>
> Duane W.
>

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
Received on Fri Feb 13 2004 - 16:15:04 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST