Hi Mike,
No i don't have a cisco PIX between the DNS server and the squid server. I
have a Linux server which does the routing for the internet. The DNS and the
squid server are on separate boxes but with no other equipment between them
apart from the standard Ethernet cards & switches!!!!
any other ideas?
Regards
Kamesh
-----Original Message-----
From: Mike Mitchell [mailto:Mike.Mitchell@sas.com]
Sent: 10 October 2002 21:13
To: Kamesh Patel
Subject: RE: An odd result when going to hotmail.com
Do you have a Cisco PIX between the DNS server your squid uses and the
Internet? If so, does the DNS server support EDNS queries? If you answered
yes to both questions, then the PIX is blocking DNS responses bigger than
512 bytes. The DNS RFCs specify 512-byte maximum packets, and the newer
EDNS RFCs tell how to negotiate a transfer size. The PIX will block any UDP
traffic to or from port 53 (DNS) that is greater than 512 bytes. The DNS
servers see this as a timeout and eventually give up. Sometimes they'll
manage to switch to a non-EDNS query before giving up, so you'll get an
answer.
Cisco knows about the problem but says it is a design "feature".
-----Original Message-----
From: Kamesh Patel [mailto:kamesh.patel@emsgroup.co.uk]
Sent: Monday, October 07, 2002 6:03 AM
To: 'Squid Users'
Subject: An odd result when going to hotmail.com
Hello all,
I am having a bit of trouble with squid 2.4 Stable7-1 and the hotmail.com
website.
Its a bit of a weird characteristic but this is what happens:
I go to www hotmail.com and it gets to the site fine, i type the username
and password in then click on sign on. The page waits and then goes to: 'The
page cannot be displayed' 'Could not find server or DNS Error'
I click back on the browser and login again and it goes in fine.
My squid is set up as an accelerated transparent proxy with squidGuard.
When the initial request goes to squid from the client browser i get a
single line request saying:
1033984602.266 592 192.168.2.70 TCP_MISS/302 227 GET
http://www.hotmail.com/ username DIRECT/64.4.52.7 -
A reattempt is required in order to get it to actually load the page which
has just been signed into once the reattempt has been made there are a lot
more lines referring to hotmail in the access.log file.
Can anybody help me with this?
Thanks in advance
Kamesh
Received on Fri Oct 11 2002 - 01:30:47 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:40 MST