Squid slows down the network (DNS) to almost unusable
-
Recently I moved temporarily all of my VMs of the hosts including a domain controller responsible for DNS as well as I deployed another domain controller. I also changed the several IP addresses and naturally some services started failing, after recovering enough to have a working network while I did the cluster thing I noticed the DNS resolution either failing or taking forever, eventually I put everything back but DNS wasn't improving.
Although this has happened before I discarded Squid because the last time it happened the hardware and configuration was very different, this time it had plenty of dedicated system resources and it's running on mirrored ZFS SSDs. I kept watching all the AD replication and DNS test pass successfully and to make it more disconcerting I discovered DNS resolution wasn't slow if I used Network Utility on macOS or nslookup on Windows - it was instant, resolving network shares and everything in a browser seemed to be what were wrong. Another weird thing is that even in the same subnet things were slow, intranet, internet, inter-VLAN. A complete nightmare.
Tired I figured I'd restart the firewall just looking for solutions aimlessly and when I was in pfSense's portal I tried first just turning off the Squid service and everything went back to normal immediately which was a huge relief and also a bit of a disappointment; I'm constantly downloading disk images and I had a quarter terabyte to Squid Cache so I don't have to think if I had save the file somewhere or whatever, even if my connection is fast(ish) it'll never beat mirrored SSDs.
Is this a known bug? Did I miss some setting? I'm pretty sure I paid attention to everything relating to cache and rotating files and stuff so I wouldn't bottleneck or fill up.
Anyway, thanks for any advice. :)
-
What do the Diagnostics/System Activity log's show?
-
I forgot to check and I already emptied the cache so even if I turn Squid back on my guess is that it'd take a while until the issue comes back. :/
-
Yeah… Turned it back on and it's as zippy as ever. One of my guesses was that the cache storage simply filled up but it couldn't, I always set it for 70%-to-80% of its capacity on a dedicated volume so there's nothing else writing to it. Logs files are on the main pfSense volume. 🧐
-
Can u please show your```
squid.confThanks. -
Sorry, I kept watching the notif pop on my phone but I was super busy. Were can I get it again? I went through every tab and I can't remember where to download it from. Squid is turned off, do I need to turn it back on for the option to appear?
-
No issue, u can get the file from the console(ssh):
/usr/local/etc/squid/squid.conf ``` :)
