Your DNS responses were similar to what I saw on those same domains, but how is squid querying DNS, it can be set different than the host DNS servers that dig would be using.
Do you have any of the following options set in your squid.conf? If so what are they set to?
DNS OPTIONS
-----------------------------------------------------------------------------
* check_hostnames
* allow_underscore
* cache_dns_program
* dns_children
* dns_retransmit_interval
* dns_timeout
* dns_defnames
* dns_nameservers
* hosts_file
* dns_testnames
* append_domain
* ignore_unknown_nameservers
* ipcache_size
* ipcache_low
* ipcache_high
* fqdncache_size
Also if you haven't already, setup cachemgr.cgi, look at the general runtime information page, and see what the median service times are reporting for DNS Lookups. Also look at the IP Cache statistics, that will show you all cached domains, those should not have the delay when accessing them if It is purely a DNS issue causing the performance hit.
Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
-----Original Message-----
From: GARDAIS Ionel [mailto:Ionel.Gardais_at_tech-advantage.com]
Sent: Friday, June 06, 2008 2:56 PM
To: Henrik Nordstrom
Cc: Squid Users
Subject: [squid-users] RE : [squid-users] performances ... again
Okay ...
It's been the hardest 20 minutes of the day : find a few domain names that "should" have not been accessed and cached by our DNS.
Well, from Paris, France, time given by dig stats :
- mana.pf (French Polynesia, other side of the Earth, satellite link) : around 700ms
- aroundtheworld.com, astaluego.com, apple.is, dell.nl, Volvo.se : between 100 and 150ms
- nintendo.co.jp, Yamaha.co.jp, pioneer.co.jp : around 300ms
Cached entries are returned in less than 1ms.
Ionel
-----Message d'origine-----
De : Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
Envoyé : vendredi 6 juin 2008 21:05
À : GARDAIS Ionel
Cc : Squid Users
Objet : Re: [squid-users] performances ... again
On fre, 2008-06-06 at 14:37 +0200, Ionel GARDAIS wrote:
> I got a user (whom I can trust) who uses an explicit proxy configuration
> : there are no improvments.
Ok. Then it's at the proxy, or the DNS servers it uses.
Remember that to diagnose DNS slowness you need to query for hosts and
domains which has not yet been visited, as the DNS server also caches a
lot. Lookups of already visited domains/hosts is not valid as proof to
say that the DNS is fine..
> I tried to avoid use of calls which cause DNS lookups (hence the
> host.match() and host.indexOf() ).
Good.
Regards
Henrik
Received on Fri Jun 06 2008 - 20:44:36 MDT
This archive was generated by hypermail 2.2.0 : Mon Jun 09 2008 - 12:00:04 MDT