Hi All,
While analysing DNS traffic from 22 Squids running 2.6.STABLE21, I noticed that there is a substantial number of queries where the Squids try to resolve the hostnames of their peers. All of the boxes run as independent servers, without a shared cache.
My question is: why do they need the IPs of the other Squids, and where did they get their hostnames from?
The servers run only the Squid daemon, so there isn't any www or any other extra service on them. We use a Cisco ACE hardware load balancer, where all of the Squids are represented by 1 IP.
I am attaching a sample of squid.conf below:
http_port x.x.x.x:3128
http_port 127.0.0.1:3128
visible_hostname proxy.xxx.uk.com
cache_mgr xxx_at_xxx.co.uk
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#----Cache Parameters----
cache_dir aufs /cache/disk1 56000 16 256
cache_mem 512 MB
cache_swap_low 93
cache_swap_high 95
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
maximum_object_size 20 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 48 KB
store_avg_object_size 32 KB
memory_pools off
log_icp_queries off
max_filedesc 16384
#----DNS Parameters----
hosts_file /etc/hosts
dns_nameservers x.x.x.x y.y.y.y z.z.z.z
ipcache_size 250000
fqdncache_size 4096
ipcache_low 90
ipcache_high 95
positive_dns_ttl 6 hours
negative_dns_ttl 30 minutes
#----Logging Parameters----
cache_log /var/log/squid/cache.log
cache_store_log none
cache_access_log none
debug_options ALL,1 5,2 59,2 63,2 77,2
error_directory /usr/share/squid/errors/English
#----Rewriter/Redirector Parameters---
#url_rewrite_program /usr/local/netsweeper/bin/redir -f http://x.x.x.x:8080/webadmin/deny/unavail.php -P3429 x.x.x.x
url_rewrite_program /usr/local/netsweeper/bin/pcf_redir.pl
url_rewrite_children 128
#----Authentication Parameters----
# Setup Proxy Authentication (default disabled)
# auth_param basic program /usr/local/netsweeper/auth/radius_attr example.radius.svr:1812 secret
auth_param basic children 5
auth_param basic realm NetSweeper Authentication Required
auth_param basic credentialsttl 2 hours
#----Connection Time Out Parameters----
shutdown_lifetime 30 seconds
half_closed_clients off
quick_abort_min 0 KB
quick_abort_max 0 KB
negative_ttl 30 minutes
#----Global ACLs----
#------- we don't have any of Squids IPs/names in any of ACLs --------#
....
..
..
Regards
Dariusz
Received on Wed Feb 24 2010 - 16:46:09 MST