I am working on testing a hosted web filter solution, this involves chaining our internal squid proxy to the hosted web filter proxy server. I was seeing very poor performance and found several "TCP connection to filters.dnsdomainname.com/8081 failed" entries in the log. I discovered that changing he line to the IP address stopped this problem. Further searching found a bug in 3.0 where using a DN name for a parent and the name= option on a chace_peer line caused it to try and lookup the name= value instead of the DNS name. I went back and removed the name= option and set or line back to the DNS domain name. TCP connection errors are gone now.
I am running version 3.1.1 here is the relevant part of the configuration.
always_direct allow nonfilter
never_direct allow all
# Original Configuration, appears to work sometimes, but frequent connection errors
# cache_peer filters.dnsdomainname.com parent 8081 0 name=webfilter no-query default login=PASS no-digest connect-timeout=10 connection-auth=on
## Second Try, works, but need to use DNS name in case they change their IP
## cache_peer 192.168.1.1 parent 8081 0 name=webfilter no-query default login=PASS no-digest connect-timeout=10 connection-auth=on
### Third try works, and is acceptable, but would be easier if I could use the name= option
cache_peer filters.dnsdomainname.com parent 8081 0 no-query default login=PASS no-digest connect-timeout=10 connection-auth=on
Everything works this way, but I thought I would throw this out there, in case someone else is struggling with the same problem.
Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
Received on Wed Mar 31 2010 - 17:25:22 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 12:00:05 MDT