[squid-users] peer-select.cc, cache_peer and dns queries

Alex Rousskov rousskov at measurement-factory.com
Mon Jan 12 20:02:09 UTC 2026

Previous message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Next message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2026-01-09 17:19, archer wrote:

> cache_peer a.b.c.d parent ... name=NodeNG
> always_direct extranet_whitelist
> never_direct extranet

> I observed peer-select.cc still conducting DNS 
> lookups on an extranet domain , which is a purely domain-based ACL. e.g.
> 
> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
> ...
> peer_select.cc(460) resolveSelected: Find IP 
> destination for: www.example.com:443 via a.b.c.d

The above debugging log snippet is unrelated to ACLs checking/code.

Squid says that it needs to resolve a.b.c.d to connect to a peer at that 
a.b.c.d address. If a.b.c.d is alerady an IP address, then that 
resolution is going to be a no-op -- no actual DNS queries will be sent.

I do not know what triggers other DNS queries in your case. If I have to 
guess, I would guess that peer selection algorithm finds multiple ways 
to satisfy that CONNECT-to-X request and some of those ways include a 
direct connection to X, triggering X resolution.

> So, what can I do to have extranet DNS handled by the parent proxy, 
> while leaving the remainder to the child proxy, with a domain list ?

> Squid Cache: Version 5.7

FWIW, the above version is not supported by the Squid Project.

Alex.

Previous message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Next message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list