On 17/09/2012 12:52 p.m., 叶雨飞 wrote:
> Using squid 3.2 and I frequently see such problem:
>
> 2012/09/16 17:49:02 kid1| Failed to select source for
> 'http://www.googleads.g.doubleclick.net/pagead/viewthroughconversion/1033191019/?value=0&label=LDO7CJ2XvwMQ6_zU7AM&guid=ON&script=0'
> 2012/09/16 17:49:02 kid1| always_direct = 1
> 2012/09/16 17:49:02 kid1| never_direct = 0
> 2012/09/16 17:49:02 kid1| timedout = 0
>
> Note that this is actually an NXDOMAIN error ,
No this is an "Failed to select source" error. Squid is unable to
locate *any* source for the request to be fetched from. DNS lookup
(DIRECT request) is only one of several types of sources Squid is trying
to locate.
The fact that you configured always_direct to be '1' (ALLOW) and
NXDOMAIN occured when doing so is a separate error which caused this
"Failed to select source".
> however I would like to
> make squid not retry and fail fast and don't print these out, what
> config directive do I need?
What you describe wanting to happen is what Squid is already doing...
... Squid Receives an HTTP request.
... Looks up destination sources where it can be retrieved (cache,
peers, DNS records).
... None found.
... Print that message to your log (at IMPORTANT messages level)
... Send NXDOMAIN error page back to the client (since it is the most
specific problem of the two).
Things to note:
* Retry is not happening. There are ZERO destinations which can be tried
to start with, so nothing to *re*-try.
* Fast failure is dependent on how fast the DNS response comes back.
* To not print them out you set the debug_options level to ALL,0
(critical only messages).
BTW you need to fix your DNS service, Google is a major service. It is
doubtful their DNS is returning NXDOMAIN for that query.
Use dstdomain ACL in Squid to block requests if you are trying to
blacklist it as an advertising source.
Amos
Received on Mon Sep 17 2012 - 02:16:22 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 17 2012 - 12:00:03 MDT