[squid-users] peer-select.cc, cache_peer and dns queries

[Alex Rousskov]

On 2026-01-13 01:51, archer wrote:

> Please check full log at ...

Thank you for sharing that log.


> In this attempt, I tried to visit google.

The first corresponding DNS lookup is triggered by Squid NetDB feature. 
To disable that feature, ./configure Squid with `--disable-icmp`.

AFAICT, there is no squid.conf option that would disable those lookups 
in Squids built with `--enable-icmp` (which is also the default).


HTH,

Alex.


>> On Jan 13, 2026, at 9:48 AM, Alex Rousskov wrote:
>>
>> On 2026-01-12 20:22, Archer wrote:
>>
>>> I picked up this part of log as  evidence that Squid does conduct DNS 
>>> lookups AFTER a peer connection is selected( log ommited). In the 
>>> configuration, a cache peer (parent proxy) for specified domains 
>>> presents.
>>> And the relative part of config is already provided in some other 
>>> thread of this post. TY
>>
>>
>> FWIW, if I have access to a full debugging log collected while 
>> reproducing the problem, I may be able to tell you what causes DNS 
>> lookups in your specific environment. I discourage Squid admins from 
>> studying debugging logs because they are meant for Squid developers 
>> and can be very misleading.
>>
>> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction>
>>
>> Without looking at the logs, and without investing a lot of time in 
>> trying to reproduce the problem locally based on the partial 
>> information you have shared, I can only offer guesses, and I have done 
>> that already.
>>
>> Alex.
>>
>>
>>> On 2026-01-09 17:19, archer wrote:
>>>> cache_peer a.b.c.d parent ... name=NodeNG
>>>> always_direct extranet_whitelist
>>>> never_direct extranet
>>>> I observed peer-select.cc still conducting DNS lookups on an 
>>>> extranet domain , which is a purely domain-based ACL. e.g.
>>>>
>>>> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
>>>> ...
>>>> peer_select.cc(460) resolveSelected: Find IP destination for: 
>>>> www.example.com:443 via a.b.c.d
>>> The above debugging log snippet is unrelated to ACLs checking/code.
>>> Squid says that it needs to resolve a.b.c.d to connect to a peer at 
>>> that a.b.c.d address. If a.b.c.d is alerady an IP address, then that 
>>> resolution is going to be a no-op -- no actual DNS queries will be sent.
>>> I do not know what triggers other DNS queries in your case. If I have 
>>> to guess, I would guess that peer selection algorithm finds multiple 
>>> ways to satisfy that CONNECT-to-X request and some of those ways 
>>> include a direct connection to X, triggering X resolution.
>>>> So, what can I do to have extranet DNS handled by the parent proxy, 
>>>> while leaving the remainder to the child proxy, with a domain list ?
>>>> Squid Cache: Version 5.7
>>> FWIW, the above version is not supported by the Squid Project.
>>> Alex.
>>
>