2026-01-14

Author: squidadm

squid-users/2026-January.txt

@@ -1942,3 +1942,92 @@ Size: 137279 bytes
 Desc: not available
 URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260112/ff7dd0c6/attachment-0001.png>
 
+From rousskov at measurement-factory.com  Tue Jan 13 20:59:05 2026
+From: rousskov at measurement-factory.com (Alex Rousskov)
+Date: Tue, 13 Jan 2026 15:59:05 -0500
+Subject: [squid-users] peer-select.cc, cache_peer and dns queries
+In-Reply-To: <7663FB89-0DEA-4AAA-A720-222C4D19ABF4@139.com>
+References: <C6552CCA-44F1-4FBE-B4AE-2CB20C955301@139.com>
+ <ec0ae64f-350c-4661-b27f-821436f66036@measurement-factory.com>
+ <2b4169659e66d98-00001.Richmail.00020836837433808968@139.com>
+ <6e1f74f3-ca70-4cd5-8b12-40f5ab1c9cac@measurement-factory.com>
+ <7663FB89-0DEA-4AAA-A720-222C4D19ABF4@139.com>
+Message-ID: <bec610c5-9f44-4547-a99b-dfbc38294699@measurement-factory.com>
+
+On 2026-01-13 01:51, archer wrote:
+
+> Please check full log at ...
+
+Thank you for sharing that log.
+
+
+> In this attempt, I tried to visit google.
+
+The first corresponding DNS lookup is triggered by Squid NetDB feature. 
+To disable that feature, ./configure Squid with `--disable-icmp`.
+
+AFAICT, there is no squid.conf option that would disable those lookups 
+in Squids built with `--enable-icmp` (which is also the default).
+
+
+HTH,
+
+Alex.
+
+
+>> On Jan 13, 2026, at 9:48 AM, Alex Rousskov wrote:
+>>
+>> On 2026-01-12 20:22, Archer wrote:
+>>
+>>> I picked up this part of log as? evidence that Squid does conduct DNS 
+>>> lookups AFTER a peer connection is selected( log ommited). In the 
+>>> configuration, a cache peer (parent proxy) for specified domains 
+>>> presents.
+>>> And the relative part of config is already provided in some other 
+>>> thread of this post. TY
+>>
+>>
+>> FWIW, if I have access to a full debugging log collected while 
+>> reproducing the problem, I may be able to tell you what causes DNS 
+>> lookups in your specific environment. I discourage Squid admins from 
+>> studying debugging logs because they are meant for Squid developers 
+>> and can be very misleading.
+>>
+>> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction>
+>>
+>> Without looking at the logs, and without investing a lot of time in 
+>> trying to reproduce the problem locally based on the partial 
+>> information you have shared, I can only offer guesses, and I have done 
+>> that already.
+>>
+>> Alex.
+>>
+>>
+>>> On 2026-01-09 17:19, archer wrote:
+>>>> cache_peer a.b.c.d parent ... name=NodeNG
+>>>> always_direct extranet_whitelist
+>>>> never_direct extranet
+>>>> I observed peer-select.cc still conducting DNS lookups on an 
+>>>> extranet domain , which is a purely domain-based ACL. e.g.
+>>>>
+>>>> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
+>>>> ...
+>>>> peer_select.cc(460) resolveSelected: Find IP destination for: 
+>>>> www.example.com:443 via a.b.c.d
+>>> The above debugging log snippet is unrelated to ACLs checking/code.
+>>> Squid says that it needs to resolve a.b.c.d to connect to a peer at 
+>>> that a.b.c.d address. If a.b.c.d is alerady an IP address, then that 
+>>> resolution is going to be a no-op -- no actual DNS queries will be sent.
+>>> I do not know what triggers other DNS queries in your case. If I have 
+>>> to guess, I would guess that peer selection algorithm finds multiple 
+>>> ways to satisfy that CONNECT-to-X request and some of those ways 
+>>> include a direct connection to X, triggering X resolution.
+>>>> So, what can I do to have extranet DNS handled by the parent proxy, 
+>>>> while leaving the remainder to the child proxy, with a domain list ?
+>>>> Squid Cache: Version 5.7
+>>> FWIW, the above version is not supported by the Squid Project.
+>>> Alex.
+>>
+> 
+
+

squid-users/2026-January/027740.html

@@ -12,7 +12,7 @@
            }
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
-   <LINK REL="Previous"  HREF="027756.html">
+   <LINK REL="Previous"  HREF="027759.html">
    <LINK REL="Next"  HREF="027743.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
@@ -23,7 +23,7 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
        </A><BR>
     <I>Sun Jan 11 14:58:12 UTC 2026</I>
     <P><UL>
-        <LI>Previous message (by thread): <A HREF="027756.html">[squid-users] peer-select.cc, cache_peer and dns queries
+        <LI>Previous message (by thread): <A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
         <LI>Next message (by thread): <A HREF="027743.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
@@ -73,11 +73,12 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
-	<LI>Previous message (by thread): <A HREF="027756.html">[squid-users] peer-select.cc, cache_peer and dns queries
+	<LI>Previous message (by thread): <A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
 	<LI>Next message (by thread): <A HREF="027743.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>

squid-users/2026-January/027741.html

@@ -73,6 +73,7 @@ <H1>[squid-users] Can I safely increase MAX_URL to 12KByte?</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-users/2026-January/027743.html

@@ -75,6 +75,7 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-users/2026-January/027744.html

@@ -75,6 +75,7 @@ <H1>[squid-users] Can I safely increase MAX_URL to 12KByte?</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-users/2026-January/027746.html

@@ -92,6 +92,7 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-users/2026-January/027756.html

@@ -13,7 +13,7 @@
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <LINK REL="Previous"  HREF="027755.html">
-   <LINK REL="Next"  HREF="027740.html">
+   <LINK REL="Next"  HREF="027759.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
    <H1>[squid-users] peer-select.cc, cache_peer and dns queries</H1>
@@ -25,7 +25,7 @@ <H1>[squid-users] peer-select.cc, cache_peer and dns queries</H1>
     <P><UL>
         <LI>Previous message (by thread): <A HREF="027755.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
-        <LI>Next message (by thread): <A HREF="027740.html">[squid-users] Squid integration with Netskope forward to proxy
+        <LI>Next message (by thread): <A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27756">[ date ]</a>
@@ -84,13 +84,14 @@ <H1>[squid-users] peer-select.cc, cache_peer and dns queries</H1>
 </PRE>
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
 	<LI>Previous message (by thread): <A HREF="027755.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
-	<LI>Next message (by thread): <A HREF="027740.html">[squid-users] Squid integration with Netskope forward to proxy
+	<LI>Next message (by thread): <A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27756">[ date ]</a>

squid-users/2026-January/027757.html

@@ -97,6 +97,7 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
 </PRE>
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-users/2026-January/027759.html

@@ -0,0 +1,136 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [squid-users] peer-select.cc, cache_peer and dns queries
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20peer-select.cc%2C%20cache_peer%20and%20dns%20queries&In-Reply-To=%3Cbec610c5-9f44-4547-a99b-dfbc38294699%40measurement-factory.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <style type="text/css">
+       pre {
+           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
+           }
+   </style>
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="027756.html">
+   <LINK REL="Next"  HREF="027740.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[squid-users] peer-select.cc, cache_peer and dns queries</H1>
+    <B>Alex Rousskov</B> 
+    <A HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20peer-select.cc%2C%20cache_peer%20and%20dns%20queries&In-Reply-To=%3Cbec610c5-9f44-4547-a99b-dfbc38294699%40measurement-factory.com%3E"
+       TITLE="[squid-users] peer-select.cc, cache_peer and dns queries">rousskov at measurement-factory.com
+       </A><BR>
+    <I>Tue Jan 13 20:59:05 UTC 2026</I>
+    <P><UL>
+        <LI>Previous message (by thread): <A HREF="027756.html">[squid-users] peer-select.cc, cache_peer and dns queries
+</A></li>
+        <LI>Next message (by thread): <A HREF="027740.html">[squid-users] Squid integration with Netskope forward to proxy
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27759">[ date ]</a>
+              <a href="thread.html#27759">[ thread ]</a>
+              <a href="subject.html#27759">[ subject ]</a>
+              <a href="author.html#27759">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On 2026-01-13 01:51, archer wrote:
+
+&gt;<i> Please check full log at ...
+</I>
+Thank you for sharing that log.
+
+
+&gt;<i> In this attempt, I tried to visit google.
+</I>
+The first corresponding DNS lookup is triggered by Squid NetDB feature. 
+To disable that feature, ./configure Squid with `--disable-icmp`.
+
+AFAICT, there is no squid.conf option that would disable those lookups 
+in Squids built with `--enable-icmp` (which is also the default).
+
+
+HTH,
+
+Alex.
+
+
+&gt;&gt;<i> On Jan 13, 2026, at 9:48 AM, Alex Rousskov wrote:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> On 2026-01-12 20:22, Archer wrote:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> I picked up this part of log as&#160; evidence that Squid does conduct DNS 
+</I>&gt;&gt;&gt;<i> lookups AFTER a peer connection is selected( log ommited). In the 
+</I>&gt;&gt;&gt;<i> configuration, a cache peer (parent proxy) for specified domains 
+</I>&gt;&gt;&gt;<i> presents.
+</I>&gt;&gt;&gt;<i> And the relative part of config is already provided in some other 
+</I>&gt;&gt;&gt;<i> thread of this post. TY
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> FWIW, if I have access to a full debugging log collected while 
+</I>&gt;&gt;<i> reproducing the problem, I may be able to tell you what causes DNS 
+</I>&gt;&gt;<i> lookups in your specific environment. I discourage Squid admins from 
+</I>&gt;&gt;<i> studying debugging logs because they are meant for Squid developers 
+</I>&gt;&gt;<i> and can be very misleading.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> <A HREF="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</A> &lt;<A HREF="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</A>&gt;
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> Without looking at the logs, and without investing a lot of time in 
+</I>&gt;&gt;<i> trying to reproduce the problem locally based on the partial 
+</I>&gt;&gt;<i> information you have shared, I can only offer guesses, and I have done 
+</I>&gt;&gt;<i> that already.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> Alex.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> On 2026-01-09 17:19, archer wrote:
+</I>&gt;&gt;&gt;&gt;<i> cache_peer a.b.c.d parent ... name=NodeNG
+</I>&gt;&gt;&gt;&gt;<i> always_direct extranet_whitelist
+</I>&gt;&gt;&gt;&gt;<i> never_direct extranet
+</I>&gt;&gt;&gt;&gt;<i> I observed peer-select.cc still conducting DNS lookups on an 
+</I>&gt;&gt;&gt;&gt;<i> extranet domain , which is a purely domain-based ACL. e.g.
+</I>&gt;&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;&gt;<i> peer_select.cc(833) selectSomeParent: CONNECT www.example.com
+</I>&gt;&gt;&gt;&gt;<i> ...
+</I>&gt;&gt;&gt;&gt;<i> peer_select.cc(460) resolveSelected: Find IP destination for: 
+</I>&gt;&gt;&gt;&gt;<i> www.example.com:443 via a.b.c.d
+</I>&gt;&gt;&gt;<i> The above debugging log snippet is unrelated to ACLs checking/code.
+</I>&gt;&gt;&gt;<i> Squid says that it needs to resolve a.b.c.d to connect to a peer at 
+</I>&gt;&gt;&gt;<i> that a.b.c.d address. If a.b.c.d is alerady an IP address, then that 
+</I>&gt;&gt;&gt;<i> resolution is going to be a no-op -- no actual DNS queries will be sent.
+</I>&gt;&gt;&gt;<i> I do not know what triggers other DNS queries in your case. If I have 
+</I>&gt;&gt;&gt;<i> to guess, I would guess that peer selection algorithm finds multiple 
+</I>&gt;&gt;&gt;<i> ways to satisfy that CONNECT-to-X request and some of those ways 
+</I>&gt;&gt;&gt;<i> include a direct connection to X, triggering X resolution.
+</I>&gt;&gt;&gt;&gt;<i> So, what can I do to have extranet DNS handled by the parent proxy, 
+</I>&gt;&gt;&gt;&gt;<i> while leaving the remainder to the child proxy, with a domain list ?
+</I>&gt;&gt;&gt;&gt;<i> Squid Cache: Version 5.7
+</I>&gt;&gt;&gt;<i> FWIW, the above version is not supported by the Squid Project.
+</I>&gt;&gt;&gt;<i> Alex.
+</I>&gt;&gt;<i>
+</I>&gt;<i> 
+</I>
+</PRE>
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message (by thread): <A HREF="027756.html">[squid-users] peer-select.cc, cache_peer and dns queries
+</A></li>
+	<LI>Next message (by thread): <A HREF="027740.html">[squid-users] Squid integration with Netskope forward to proxy
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27759">[ date ]</a>
+              <a href="thread.html#27759">[ thread ]</a>
+              <a href="subject.html#27759">[ subject ]</a>
+              <a href="author.html#27759">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://lists.squid-cache.org/listinfo/squid-users">More information about the squid-users
+mailing list</a><br>
+</body></html>

squid-users/2026-January/author.html

@@ -19,8 +19,8 @@ <h1>January 2026 Archives by author</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Sun Jan  4 01:35:40 UTC 2026</i><br>
-         <b>Ending:</b> <i>Tue Jan 13 12:45:30 UTC 2026</i><br>
-         <b>Messages:</b> 26<p>
+         <b>Ending:</b> <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
+         <b>Messages:</b> 27<p>
      <ul>
 
 <LI><A HREF="027754.html">[squid-users] peer-select.cc, cache_peer and dns queries
@@ -98,6 +98,11 @@ <h1>January 2026 Archives by author</h1>
 <I>Alex Rousskov
 </I>
 
+<LI><A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
+</A><A NAME="27759">&nbsp;</A>
+<I>Alex Rousskov
+</I>
+
 <LI><A HREF="027734.html">[squid-users] Running squid in a network namespace
 </A><A NAME="27734">&nbsp;</A>
 <I>Robert 'Bobby' Zenz
@@ -156,8 +161,8 @@ <h1>January 2026 Archives by author</h1>
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Tue Jan 13 12:45:30 UTC 2026</i><br>
-    <b>Archived on:</b> <i>Tue Jan 13 13:35:40 UTC 2026</i>
+       <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
+    <b>Archived on:</b> <i>Tue Jan 13 20:59:08 UTC 2026</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>