[Dnsmasq-discuss] Re: [squid-users] squid dns problem
simon at thekelleys.org.uk
Thu Jul 6 07:55:58 BST 2006
> On 7/6/06, dny <mail2dny at gmail.com> wrote:
>> On 7/6/06, Henrik Nordstrom <henrik at henriknordstrom.net> wrote:
>> > ons 2006-07-05 klockan 18:08 +0700 skrev dny:
>> > > i have this weird problem with squid on a clean install ipcop 1.4.10
>> > >
>> > > there are lots of website give out error:
>> > > The dnsserver returned:
>> > > No DNS records
>> > >
>> > > ping to the domain from ipcop box gives unknown host error.
>> > >
>> > > but, when i ping the domain name from client pc, it gives out good
>> > > and when i disable the proxy, the website opened up fine.
>> > Most likely the two is using different DNS servers. The one used by the
>> > clients working, but the one used by Squid & ipcop broken...
>> > check /etc/resolv.conf.
>> > Regards
>> > Henrik
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v1.4.4 (GNU/Linux)
>> > iD8DBQBErAFuB5pTNio2V7IRAujbAKCjKmaTTIpXn/bWF308iLb/FV/TsACgx2Hh
>> > 3BOAGu+Ht3K7HtAxiC8LPCg=
>> > =oxk9
>> > -----END PGP SIGNATURE-----
>> /etc/resolv.conf only have one ip, that is 127.0.0.1
>> because it's using dnsmasq to resolve the domain name.
>> restarting the ipcop will fix the problem for few hours.
>> then it occurs again...
>> i think maybe the problem is with dnsmasq not powerful enough on a
>> busy proxy?
>> i'm adding my isp dns into /etc/resolv.conf and we'll see if problem
>> fixed or not....
> adding isp's dns into /etc/resolv.conf do not solve my problem.
> the error still happening.
The amount of work that dnsmasq will do per web page is very small
compared to that needed by squid, so if the host is powerful enough for
squid, it's powerful enough for dnsmasq. Dnsmasq is fairly efficient.
In the event that dnsmasq is getting overwhelmed by queries, it will log
a "forwarding table overflow", so you should check for that.
It's quite easy to get confused in these situations by the caching
nature of DNS: a lookup fails, so you make a config change and now it
works, but the reason is that some slow nameserver somewhere in the
chain from the root has now cached the vital information and gets it
back before the timeout, whilst the first time the cache was cold and
the server was not fast enough.
If you have an alternative available to yout ISPs nameservers, it's
worth trying that - some ISP nameservers are really flaky. Also try and
see if the problem is confined to just some domains; that points to
overloaded/misconfigured authoritative servers for those domains.
More information about the Dnsmasq-discuss