Netgate Discussion Forum

    Squid can't resolve domain names

      sinergest

      Hello everybody,
      my name is Matteo, and this is my first topic.
      I'm using pfSense 1.2.3 with latest Squid package version.
      As in the subject, I'm experiencing DNS problems with Squid package.
      The problem is that I use an internal Windows Server 2008 DNS to resolve some demo domains, but it seems like Squid doesn't query it.
      If I try reaching one of the demos, I get this error:

      ```
      The requested URL could not be retrieved

      While trying to retrieve the URL: http://demo.demo.demo/

      The following error was encountered:

          Unable to determine IP address from host name for demo.demo.demo

      The dnsserver returned:

          Name Error: The domain name does not exist.

      This means that:

       The cache was not able to resolve the hostname presented in the URL.
       Check if the address is correct.
      ```

      It seems like this is a DNS cache problem, but it appeared only after the last update. I tried setting
      ```
      negative_dns_ttl 1 second;positive_dns_ttl 2 seconds
      ```

      Squid is configured to work in transparent mode, and it gives this problem only with the demo domains.
      Is this a known problem?
      Can someone please help me?

        dondos

        Is your pfsense system configured to query your internal DNS? If it is, then you should configure squid to use 127.0.0.1 as DNS.
        Or, even better, you could edit the hosts file from dns forwarder section, adding your demo domains (or hosts).


          sinergest

          I tried what you suggested, but it didn't work. I already tried setting Squid to query the same DNS the system has, but it didn't work, either.
          Another strange thing is the Squid error message reports a wrong timezone, reporting GMT instead of GMT+1.


            dondos

            If you enter your demo address in http://pfsense_ip/diag_dns.php do you get the right IP address?

            PS: Is your computer configured to use pfsense as DNS server?


              sinergest

              @dondos:

              > If you enter your demo address in http://pfsense_ip/diag_dns.php do you get the right IP address?

              I tried this, and the answer is yes. I also tried traceroute, but it only worked with ICMP enabled. PfSense system IP is not an exception for the proxy, anyway.

              > PS: Is your computer configured to use pfsense as DNS server?

              No, my computer has the same DNS as pfsense, I tried setting pfsense as the only DNS server, but no luck.
              In addition, IPs that bypass Squid resolve the demo addresses (which are not internal) correctly.


                dondos

                Then the problem seems to be caused by squid. Does it read the configuration file correctly? Open cache.log from /var/squid/log/ and look for: Adding nameserver 127.0.0.1 from squid.conf.

                If not, restart the squid service (or the whole system).


                  mhab12

                  Can you try browsing FROM the DNS server?  Perhaps it is not allowed on the Squid ACL and is therefore causing problems…


                    sinergest

                    @dondos:

                    > Then the problem seems to be caused by squid. Does it read the configuration file correctly? Open cache.log from /var/squid/log/ and look for: Adding nameserver 127.0.0.1 from squid.conf.
                    >
                    > If not, restart the squid service (or the whole system).

                    I set again the alternate DNS as 127.0.0.1, but I found many entries in the log file, similar to the one you said, at different times:

                    ```
                    2010/01/13 09:49:15| Adding domain grupposinergest.local from /etc/resolv.conf
                    2010/01/13 09:49:15| Adding nameserver 192.168.x.x from /etc/resolv.conf
                    2010/01/13 09:49:15| Adding nameserver 88.x.x.x from /etc/resolv.conf
                    2010/01/13 09:49:15| Adding nameserver 88.x.x.x from /etc/resolv.conf
                    ...
                    2010/01/13 09:49:16| DNS Socket created at 0.0.0.0, port 20715, FD 7
                    2010/01/13 09:49:16| Adding nameserver 127.0.0.1 from squid.conf
                    ...
                    2010/01/13 09:49:29| DNS Socket created at 0.0.0.0, port 43916, FD 12
                    2010/01/13 09:49:29| Adding nameserver 127.0.0.1 from squid.conf
                    ...
                    2010/01/13 09:50:09| DNS Socket created at 0.0.0.0, port 31716, FD 6
                    2010/01/13 09:50:09| Adding nameserver 127.0.0.1 from squid.conf
                    ...
                    ```

                    The service is running properly, except for the problem we're struggling with.

                    @mhab12:

                    > Can you try browsing FROM the DNS server?  Perhaps it is not allowed on the Squid ACL and is therefore causing problems…

                    I'm afraid I can't understand what you are saying.
                    Do you mean I should let the DNS server bypass the proxy? How can it interfere with the DNS resolution of Squid?

                    1 Reply Last reply Reply Quote 0
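
The cache.log check suggested in the thread, as an added example that is not part of the original posts: it lists which nameservers Squid registered, and from which file, at each DNS start-up. The function names are hypothetical, the sample log is constructed in the format quoted above, and grouping entries under the preceding "DNS Socket created" line is an assumption drawn from that excerpt.

```shell
#!/bin/sh
# Added example: summarise the resolvers Squid logged at each DNS start-up.

# Constructed sample in the cache.log format quoted in the thread.
sample_log() {
cat <<'EOF'
2010/01/13 09:49:15| Adding domain example.local from /etc/resolv.conf
2010/01/13 09:49:15| Adding nameserver 192.0.2.10 from /etc/resolv.conf
2010/01/13 09:49:15| Adding nameserver 198.51.100.53 from /etc/resolv.conf
2010/01/13 09:49:16| DNS Socket created at 0.0.0.0, port 20715, FD 7
2010/01/13 09:49:16| Adding nameserver 127.0.0.1 from squid.conf
2010/01/13 09:50:09| DNS Socket created at 0.0.0.0, port 31716, FD 6
2010/01/13 09:50:09| Adding nameserver 127.0.0.1 from squid.conf
EOF
}

# One output line per start-up: "<timestamp><TAB>ip@source,ip@source,..."
# Entries logged before the first socket line go into their own group.
resolver_groups() {
    awk -F'[|] ' '
        BEGIN { n = 0 }
        $2 ~ /^DNS Socket created/ { n++; start[n] = $1; next }
        $2 ~ /^Adding nameserver / {
            split($2, w, " ")              # w[3] = IP, w[5] = source file
            sep = (list[n] == "") ? "" : ","
            list[n] = list[n] sep w[3] "@" w[5]
        }
        END {
            for (i = 0; i <= n; i++) {
                if (list[i] == "") continue
                label = (i == 0) ? "before-first-socket" : start[i]
                print label "\t" list[i]
            }
        }' "$1"
}

# Resolvers registered at the most recent start-up in the log.
effective_resolvers() {
    resolver_groups "$1" | tail -n 1 | cut -f2
}

# Succeeds only if the latest start-up registered exactly one resolver,
# the given IP, and took it from squid.conf.
uses_only() {
    [ "$(effective_resolvers "$1")" = "$2@squid.conf" ]
}

demo=$(mktemp) && sample_log > "$demo"
resolver_groups "$demo"
rm -f "$demo"
```

On the firewall, point `resolver_groups` at the file under `/var/squid/log/` named in the thread; `uses_only <file> 127.0.0.1` then confirms whether the latest start-up took only the forwarder address from squid.conf.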