[squid-users] log_fqdn

From: Vladimir Dyakov <[email protected]>
Date: Thu, 16 Oct 2003 13:22:28 +0600

I have set log_fqdn option to "on" and have now problem which I cannot
solve. My log seems to work fine but sometimes records with unresolved
ip's appear instead of domain names. I have bind server functioning on
the localhost, so there should be minimum delay. I have even updated
squid to version 2.5-STABLE2 (had 2.4-STABLE6 or something). Someone
said in this list that there can be problems if dns responses are too
slow. But 1) dns is local and 2) named maintains the zone and it's
reverse for clients.

# grep -v ^# /etc/squid/squid.conf | grep -v ^$
http_port 213.24.8.66:3128
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 1024 16 256
log_fqdn on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl src_our src 192.168.128.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow src_our
http_access deny all
http_reply_access allow src_our
http_reply_access deny all
icp_access allow all
cache_effective_user squid
cache_effective_group squid

# grep "192.168.128.55" /var/log/squid/access.log
1066280950.360 0 192.168.128.55 TCP_NEGATIVE_HIT/403 616 GET
http://www.elephant.perm.ru/ - NONE/- text/html

# time host 192.168.128.55
55.128.168.192.in-addr.arpa domain name pointer
dyakov.office-perm.intersyst.ru.

real 0m0.013s
user 0m0.000s
sys 0m0.010s

-- 
Vladimir Dyakov
JSC "INTERSYST"
+7 (3422) 909116
vladimir.dyakov@intersyst.ru
Received on Thu Oct 16 2003 - 01:22:34 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:30 MST