[Dnsmasq-discuss] Re: [squid-users] squid dns problem

Simon Kelley simon at thekelleys.org.uk
Wed Jul 12 14:06:33 BST 2006


Eric S. Johansson wrote:
> dny wrote:
> 
>>On 7/6/06, Henrik Nordstrom <henrik at henriknordstrom.net> wrote:
>>
>>>ons 2006-07-05 klockan 18:08 +0700 skrev dny:
>>>
>>>>i have this weird problem with squid on a  clean install ipcop 1.4.10
>>>>
>>>>there are lots of website give out error:
>>>>The dnsserver returned:
>>>>    No DNS records
>>>>
>>>>ping to the domain from ipcop box gives unknown host error.
>>>>
>>>>but, when i ping the domain name from client pc, it gives out good 
>>>
>>>reply.
>>>
>>>>and when i disable the proxy, the website opened up fine.
>>>
>>>Most likely the two is using different DNS servers. The one used by the
>>>clients working, but the one used by Squid & ipcop broken...
>>>check /etc/resolv.conf.
>>>
>>>Regards
>>>Henrik
>>>
>>>
>>>-----BEGIN PGP SIGNATURE-----
>>>Version: GnuPG v1.4.4 (GNU/Linux)
>>>
>>>iD8DBQBErAFuB5pTNio2V7IRAujbAKCjKmaTTIpXn/bWF308iLb/FV/TsACgx2Hh
>>>3BOAGu+Ht3K7HtAxiC8LPCg=
>>>=oxk9
>>>-----END PGP SIGNATURE-----
>>>
>>>
>>>
>>
>>/etc/resolv.conf only have one ip, that is 127.0.0.1
>>because it's using dnsmasq to resolve the domain name.
>>
>>restarting the ipcop will fix the problem for few hours.
>>then it occurs again...
>>
>>i think maybe the problem is with dnsmasq not powerful enough on a busy 
>>proxy?
>>
>>i'm adding my isp dns into /etc/resolv.conf and we'll see if problem
>>fixed or not....
>>
>>rgds,
>>dny
>>
>>--- http://bloglines.com/public/bacaan --- harini udah baca blom?
>>
> 
> at first I didn't pay attention to this thread but I'm seeing something 
> similar.  Originally I was pointing my name servers to Comcast name 
> servers and I was resolving about one site in five.  Then some friends 
> gave me permission to use their name servers and I'm now missing one 
> site in 10-20.  There seems to be something load or time sensitive in 
> how dnsmasq interacts with its upstream name server.  it appears that 
> when things go wrong, packets get dropped and there is no chance of 
> recovery.  I tried turning off negative caching but that didn't help 
> any.  If memory serves it made things worse but I need to verify that.
> 

If dnsmasq has one upstream nameserver, then the reliability should be 
exactly the same as the upstream nameserver. The only exception is under 
heavy load, when dnsmasq can be forced to drop queries. It logs a 
"forwarding table overflow" if this happens. If dnsmasq has more than 
one upstream nameserver, then reliability should be quite a lot better 
than any single upstream server, because dnsmasq can try the query over 
multiple upstream servers. The algorithms for doing this have subtly 
evolved over time, so later releases can be significantly better than 
earlier ones.


HTH

Simon.



More information about the Dnsmasq-discuss mailing list