LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-29-2008, 03:12 AM   #1
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Rep: Reputation: 15
Squid failed to query DNS


Hi, I use Squid Version 2.6.STABLE6 in my server.

I have encountered many pages like this :

Code:
The requested URL could not be retrieved
-----------------------------------------------------------------------------
While trying to retrieve the URL: http://www.google.com/search?

The following error was encountered:

Unable to determine IP address from host name for www.google.com

The dnsserver returned:

Refused: The name server refuses to perform the specified operation.

This means that:

 The cache was not able to resolve the hostname presented in the URL. 

 Check if the address is correct. 

Your cache administrator is root.
-------------------------------------------------------------------------
(squid/2.6.STABLE6)
If I reloaded the page using CTRL + F5, the page will then loading normally. Does somebody already know what is going on here?

Thanks.
 
Old 08-29-2008, 04:40 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,919

Rep: Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779
Quote:
Originally Posted by romeo_tango View Post
The dnsserver returned:
Refused: The name server refuses to perform the specified operation.
This means that:
[FONT="Fixedsys"] The cache was not able to resolve the hostname presented in the URL.
Given that I am tempted to believe that the error message (although it may just be a mis-statement of the condition) means what it says, that sounds like the problem is with the nameserver, or just possibly the interaction between squid and the nameserver.

Have you anyway of observing what the nameserver thinks about this (logs, dig)? What is the nameserver (bind?).

Have you tried with, e.g., wireshark, to see whether the messages suggest that there is a timeout occuring (perhaps the timeout is occuring on the internet side or perhaps it is occuring between the nameserver and squid)?
 
Old 08-29-2008, 04:43 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
What are the contents of /etc/resolv.conf on your proxy server?
 
Old 08-29-2008, 05:19 AM   #4
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Original Poster
Rep: Reputation: 15
here are the /etc/resolv.conf contents :

Code:
# cat /etc/resolv.conf 
nameserver 202.x.x.x 
nameserver 202.x.x.x
the DNS is on ISP-side, not local. I have use their DNS in other box which is not behind a proxy and such thing never happened so i do believe that it's not the DNS, perhaps there is a misconfiguration in my firewall or the squid.. hmm..

what made me confused is that thing happening only few times, maybe when peak-traffic times that made things harder to be analyzed.
 
Old 08-29-2008, 05:27 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
For a machine that is going to generate as many DNS requests as a proxy server, it's probably a good idea to run a local caching-only nameserver to increase performance.

As for the error, since the recent patches to BIND, performance has gone down quite a bit. It's not uncommon now for a DNS server to be overloaded with too many recursive queries and not be able to answer new queries. Also due to the port randomization being used, some firewalls are closing the temporary rule to allow UDP responses before the reply actually comes back, but that would result in a time-out error instead of a refused error.
 
Old 08-29-2008, 05:46 AM   #6
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Original Poster
Rep: Reputation: 15
hmm.. okay, i'm gonna try to add the local dns first

thanks for your explanation sir..
 
  


Reply

Tags
proxy, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS query bikebefast Linux - Networking 31 01-03-2008 11:38 PM
DNS query sanw2k Linux - Networking 1 03-12-2005 12:31 AM
SQUID cache_peer query wennie Linux - Software 0 02-06-2005 01:26 AM
squid conf: squid failed when I type insert redirect_program /usr/bin/squidguard Niceman2005 Linux - Software 1 11-24-2004 03:29 PM
DNS query chynna_v Linux - Newbie 1 09-15-2004 05:57 AM


All times are GMT -5. The time now is 07:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration