Squid and named DNS

Squid and named DNS

Kiraly Zoltan
I have an OpenBSD gateway which shares the Internet and uses Squid.
The Squid proxy works transparently; OpenBSD PF allows this:

rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128

I use Squid to filter web content like ads and pop-ups (adzaper), I don't
use Squid for caching.

The problem is, when I use Squid many web pages open slowly, for example
sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
message. Without Squid all pages open faster.

I use named on the gateway. I have these settings in /var/named/etc/named.conf

acl clients {
        192.168.10.0/24;
        ::1;
};

options {
        forward only;
        forwarders { 193.231.249.1; };
        version "";     // remove this to allow version queries

        listen-on    { any; };
        listen-on-v6 { any; };

        allow-recursion { clients; };
};

I hear Squid doesn't really like named, is that true? Or does anyone use Squid
with named without problems? Any ideas?

Thank you very much !
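
Added example, not part of the original post: BIND gives recursive (here, forwarded) answers only to clients matched by `allow-recursion`, so it is worth checking which source addresses the posted ACL admits. The client addresses tested are constructed, and which address Squid's lookups arrive from depends on the gateway's /etc/resolv.conf, which the post does not show. Only literal addresses, prefixes, named ACLs, `any` and `none` are handled; the built-in `localhost` and `localnets` lists are not modelled.

```python
import ipaddress
import re

# named.conf as posted above (blank lines dropped), used as sample input.
NAMED_CONF = """
acl clients {
        192.168.10.0/24;
        ::1;
};
options {
        forward only;
        forwarders { 193.231.249.1; };
        version "";     // remove this to allow version queries
        listen-on    { any; };
        listen-on-v6 { any; };
        allow-recursion { clients; };
};
"""

def _elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (named ACLs, allow-recursion match list or None)."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    acls = {m[1]: _elements(m[2]) for m in re.finditer(r"\bacl\s+([\w-]+)\s*\{([^{}]*)\}", conf)}
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    return acls, (_elements(m[1]) if m else None)

def matches(addr, match_list, acls):
    """First-match walk of an address match list: True, False, or None (no match)."""
    for elem in match_list:
        negate, name = elem.startswith("!"), elem.lstrip("! \t")
        if name in ("any", "none"):
            return (name == "any") != negate
        if name in acls:  # reference to a named acl
            hit = matches(addr, acls[name], acls) is True
        else:             # literal address or prefix
            net = ipaddress.ip_network(name, strict=False)
            hit = addr.version == net.version and addr in net
        if hit:
            return not negate
    return None

def recursion_allowed(conf, client):  # True only if this client gets recursion
    acls, rec = parse(conf)
    if rec is None:
        raise ValueError("no allow-recursion statement in this config")
    return matches(ipaddress.ip_address(client), rec, acls) is True
```

Calling `recursion_allowed(NAMED_CONF, "127.0.0.1")` shows how a resolver client on the IPv4 loopback is treated by the posted ACL, next to a LAN client such as `192.168.10.5`.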


Re: Squid and named DNS

Alexander Bochmann
Hi,

...on Fri, Jan 27, 2006 at 12:10:22PM +0200, Kiraly Zoltan wrote:

 > I use Squid to filter web content like ads and pop-ups (adzaper), I don't
 > use Squid for caching.
 > The problem is, when I use Squid many web pages open slowly, for example
 > sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
 > message. Without Squid all pages open faster.

I assume that with your content filter setup squid won't
pass data until it's been fully loaded - otherwise the
content filter can't be sure to block the transmission
if it detects anything harmful. So you will see a considerable
delay more or less by design.

Not using caching is also counterproductive, as you'll
have the system scanning everything all over again.

 > I hear Squid doesn't really like named, is that true? Or does anyone use Squid
 > with named without problems? Any ideas?

That sounds like a bit of crap to me, in what way should
squid not "like" named? Ok, both can be memory hogs,
depending on their configuration, so if you're low on memory
you wouldn't want to have both on the same box, but that's
about it...

I doubt DNS is your problem, but your setup is probably
suboptimal. Squid does its own DNS caching, so letting
it access a server that is forward-only itself (basically
another cache level) at least won't do much good.

Alex.


Re: Squid and named DNS

Michael C. Ibarra
In reply to this post by Kiraly Zoltan
Hi;

I am not sure what you are saying here, but if you think you are
having a DNS issue, then try adding this to your squid.conf:
dns_testnames localhost
Have you disabled caching?  If this does not work, then you should
probably bring this up in the squid-users list,
        [hidden email].

Good luck,

-mike


Quoting Kiraly Zoltan <[hidden email]>:

> I have an OpenBSD gateway which shares the Internet and uses Squid.
> The Squid proxy works transparently; OpenBSD PF allows this:
>
> rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128
>
> I use Squid to filter web content like ads and pop-ups (adzaper), I don't
> use Squid for caching.
>
> The problem is, when I use Squid many web pages open slowly, for example
> sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
> message. Without Squid all pages open faster.
>
> I use named on the gateway. I have these settings in /var/named/etc/named.conf
>
> acl clients {
>         192.168.10.0/24;
>         ::1;
> };
>
> options {
>         forward only;
>         forwarders { 193.231.249.1; };
>         version "";     // remove this to allow version queries
>
>         listen-on    { any; };
>         listen-on-v6 { any; };
>
>         allow-recursion { clients; };
> };
>
> I hear Squid doesn't really like named, is that true? Or does anyone use Squid
> with named without problems? Any ideas?
>
> Thank you very much !


Re: Squid and named DNS

Alexander Farber
In reply to this post by Kiraly Zoltan
Hi,

I use squid in a similar environment too and have
learnt in comp.protocols.dns.bind that forwarders are evil.
Remove that line from your named.conf.

I also used adzap (and before - squeezeball) to
filter out ads for my home network hanging on ADSL.

But then I stopped doing that and just installed the Adblock
extension on all my Firefox installations (both OpenBSD and Win).
Adblock just lets you block more stuff than just images and adding
new block rules is easy (you can export and reuse them too).

Also I had DNS problems for the zaps-images used by AdZap -
check if maybe that is the reason for your slowness as well.
I had them on my internal web server, but the ServerName on
that web server was wrong. That slowed all my browsing down.

Regards
Alex

On 1/27/06, Kiraly Zoltan <[hidden email]> wrote:

> I have an OpenBSD gateway which shares the Internet and uses Squid.
> The Squid proxy works transparently; OpenBSD PF allows this:
>
> rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128
>
> I use Squid to filter web content like ads and pop-ups (adzaper), I don't
> use Squid for caching.
>
> The problem is, when I use Squid many web pages open slowly, for example
> sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
> message. Without Squid all pages open faster.
>
> I use named on the gateway. I have these settings in /var/named/etc/named.conf
>
> acl clients {
>         192.168.10.0/24;
>         ::1;
> };
>
> options {
>         forward only;
>         forwarders { 193.231.249.1; };
>         version "";     // remove this to allow version queries