请高手指点：squid+iptable透明代理DNS解析不了

zxdzhj

我今天切换到SQuid+iptables运行，上午还可以，但到下午时就不行了，网页浏览出得很慢，以至于网页打不开。还报出错误：
2004/05/28 17:14:00| WARNING! Your cache is running out of filedescriptors
2004/05/28 17:14:16| WARNING! Your cache is running out of filedescriptors
下班时我只好切换为不用Squid。

这是我的Squid.conf的全部设置，请大家帮忙看有没有不妥的地方。
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_swap_low 95
cache_swap_high 99
maximum_object_size 4096 KB
maximum_object_size_in_memory 32 KB
cache_dir ufs /var/spool/squid 300 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
pid_filename /var/run/squid.pid
client_netmask 255.255.255.255
dns_nameservers 202.96.128.68 202.96.128.110
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl zssysquid src 172.31.60.0/24
acl zssysquid src 172.31.61.0/24
acl zssysquid src 172.31.62.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow zssysquid
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr zssy_xxk
cache_effective_user squid
cache_effective_group squid
visible_hostname squidcache
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
error_directory /usr/share/squid/errors/Simplify_Chinese
coredump_dir /var/spool/squid

zxdzhj

增加三句后
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
报出许多错误，供参考
2004/05/29 05:22:43| commHandleWrite: FD 16: write failure: connection closed with -1 bytes remaining.
2004/05/29 05:22:59| commHandleWrite: FD 15: write failure: connection closed with -1 bytes remaining.

zxdzhj

没有办法，挂到线上试了好几次，最多能顶一天，看来只有抽空重新安装Squid了。RedHat9.0默认安装了Squid，请问要不要先卸掉再安装，还是直接下载后就安装？

unixli

当然要先卸掉再安装，不然到时会出了问题你都不知怎回事！
你系统的虚似内存设了多大？
cache_mem 16 MB 　＃这一般都设内存的1/3
cache_dir ufs /var/spool/squid 300 16 256 　＃这一般设几个GB的，不然cache很快就会满了的，满了后会频繁更新，自然会影响速度

zxdzhj

我曾经设置过
cache_mem 64MB　 #256M的内存
cache_dir ufs /var/spool/squid 1000 16 256
但还是出现太多错误。

请问怎样才能完全卸掉squid?

szkingrose

我看了看源程序，原来你的计算机出现的问题是有关于时间方面的。
没能完全看懂。你看看电脑日期时间设置有没有问题？

zxdzhj

date 显示：
一  5月 31 11:55:32 CST 2004

comxyz

http_port 3128

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 96 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 2096 KB
maximum_object_size_in_memory 32 KB
cache_dir ufs /var/spool/squid 300 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl zssysquid src 172.31.60.0/24
acl zssysquid src 172.31.61.0/24
acl zssysquid src 172.31.62.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow zssysquid
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

cache_effective_user squid
cache_effective_group squid
visible_hostname squidcache

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

zxdzhj

前两天我在HP服务器上重新装了RedHat9，默认没有安装SQUID，自己下载了最新的squid-2.5.STABLE5,安装并且设置好后，还是出现了原来的问题。
我的服务器是1G内存，cache大小设为4G，运行半天用du -sk能看到cache目录已有约800M的内容了。
cache_mem 512 MB
cache_dir ufs /var/squid/cache 4000 16 256
在squid.conf中设置了dnsname_servers 202.96.128.68 202.96.128.110
但挂到线上就有不少网页出现无法解析域名现象，有时多次刷新可以出来网页，象tom.com主页可以出来，但下面的新闻链接又出不来，顶不住压力，只好又换回不用Squid。
查看cache.log，有类似以下错误：
2004/06/03 22:23:45| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:23:45| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:31:52| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:31:52| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:31:52| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:34:45| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:34:46| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:37:50| parseHttpRequest: Unsupported method 'recipientid=101&sessionid=2054

'
2004/06/03 22:37:50| clientReadRequest: FD 28 Invalid Request
2004/06/03 22:37:50| parseHttpRequest: Unsupported method 'recipientid=101&sessionid=2054

'
2004/06/03 22:37:50| clientReadRequest: FD 28 Invalid Request
2004/06/03 22:39:01| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'
2004/06/03 22:39:07| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'
2004/06/03 22:39:49| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 22:41:39| ipcacheParse: No Address records in response to 'www.microsoft.com'
2004/06/03 22:47:41| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'
2004/06/03 22:52:39| ipcacheParse: No Address records in response to 'toolbarqueries.google.com'
2004/06/03 22:52:57| ipcacheParse: No Address records in response to 'toolbarqueries.google.com'
2004/06/03 22:53:02| ipcacheParse: No Address records in response to 'toolbarqueries.google.com'
2004/06/03 22:53:10| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'
2004/06/03 22:58:44| clientIfRangeMatch: Weak ETags are not allowed in If-Range: "b8474-262-40b44758" ? "98057-262-40b44758"
2004/06/03 22:59:32| ipcacheParse: No Address records in response to 'toolbarqueries.google.com'
2004/06/03 23:00:57| ipcacheParse: No Address records in response to 'download.rising.com.cn'
2004/06/03 23:09:04| ipcacheParse: No Address records in response to 'ad.doubleclick.net'
2004/06/03 23:16:58| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 23:17:04| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 23:20:30| ipcacheParse: No Address records in response to 'www.microsoft.com'
2004/06/03 23:24:48| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 23:28:12| ipcacheParse: No Address records in response to 'www.avl.com.cn'
2004/06/03 23:38:43| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'
2004/06/03 23:38:49| ipcacheParse: No Address records in response to 'liveupdate.symantecliveupdate.com'

      好郁闷，瞎折腾了几个星期，想在自己的网络环境中试试squid的性能，但却碰了一个大壁，从前后贴出来的贴子可以看出，这次主要是DNS解析跟不上，客户端出错误信息，各路高手大侠，帮小弟一把。其实我单位直接走透明路由，不用squid完全没问题的，但没搞定这事心头真是不爽，吃不好也睡不好啊！

zxdzhj

客户端出错误信息类似于下面，只不过有些是中文的。
The requested URL could not be retrieved

---------------------------------------------------------------------

While trying to retrieve the URL: http://www.gz-bus.com/

The following error was encountered:

Unable to determine IP address from host name for www.gz-bus.com
The dnsserver returned:

No DNS records
This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Your cache administrator is root.

----------------------------------------------------------------

Generated Tue, 25 May 2004 00:17:07 GMT by squidcache (squid/2.5.STABLE1)