[squid-users] peer-select.cc, cache_peer and dns queries

Alex Rousskov rousskov at measurement-factory.com
Tue Jan 13 01:48:13 UTC 2026

Previous message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Next message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2026-01-12 20:22, Archer wrote:

> I picked up this part of log as  evidence that Squid does 
> conduct DNS lookups AFTER a peer connection is selected( log ommited). 
> In the configuration, a cache peer (parent proxy) for specified domains 
> presents.
> 
> And the relative part of config is already provided in some other thread 
> of this post. TY


FWIW, if I have access to a full debugging log collected while 
reproducing the problem, I may be able to tell you what causes DNS 
lookups in your specific environment. I discourage Squid admins from 
studying debugging logs because they are meant for Squid developers and 
can be very misleading.

https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction

Without looking at the logs, and without investing a lot of time in 
trying to reproduce the problem locally based on the partial information 
you have shared, I can only offer guesses, and I have done that already.

Alex.


> On 2026-01-09 17:19, archer wrote:
> 
>> cache_peer a.b.c.d parent ... name=NodeNG
>> always_direct extranet_whitelist
>> never_direct extranet
> 
> 
>> I observed peer-select.cc still conducting DNS lookups on an extranet domain , which is a purely domain-based ACL. e.g.
>>
>> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
>> ...
>> peer_select.cc(460) resolveSelected: Find IP destination for: www.example.com:443 via a.b.c.d
> 
> The above debugging log snippet is unrelated to ACLs checking/code.
> 
> Squid says that it needs to resolve a.b.c.d to connect to a peer at that a.b.c.d address. If a.b.c.d is alerady an IP address, then that resolution is going to be a no-op -- no actual DNS queries will be sent.
> 
> I do not know what triggers other DNS queries in your case. If I have to guess, I would guess that peer selection algorithm finds multiple ways to satisfy that CONNECT-to-X request and some of those ways include a direct connection to X, triggering X resolution.
> 
> 
>> So, what can I do to have extranet DNS handled by the parent proxy, while leaving the remainder to the child proxy, with a domain list ?
> 
> 
>> Squid Cache: Version 5.7
> 
> FWIW, the above version is not supported by the Squid Project.
> 
> Alex.
>

Previous message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Next message (by thread): [squid-users] peer-select.cc, cache_peer and dns queries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list