Добрый день, стоит непрозрачный SQUID. После аварийного выключения света у клиентов перестали нормально грузиться странички (в частности, картинки). Если идти мимо прокси, то всё работает хорошо. Грешу на DNS, но разобраться с настройками не могу. DNS-серверы выдаёт провайдер, и с ними всё в порядке. Строчка dns_nameservers проблему не решает.
И в Squid, и в resolv.conf прописаны DNS-серверы провайдера!
Загрузка образа с ubuntu.com идет на максимальной скорости.
Прошу помощи
ДНС провайдера
root@server:# time dig ya.ru
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ya.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60614
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ya.ru. IN A
;; ANSWER SECTION:
ya.ru. 244 IN A 87.250.250.242
;; AUTHORITY SECTION:
ya.ru. 5311 IN NS ns2.yandex.ru.
ya.ru. 5311 IN NS ns1.yandex.ru.
;; ADDITIONAL SECTION:
ns1.yandex.ru. 74730 IN A 213.180.193.1
ns2.yandex.ru. 74730 IN A 93.158.134.1
;; Query time: 3 msec
;; SERVER: 80.94.160.2#53(80.94.160.2)
;; WHEN: Mon Aug 21 08:54:07 +03 2017
;; MSG SIZE rcvd: 125
real 0m0.020s
user 0m0.012s
sys 0m0.000s
# tail /var/log/squid/access.log
1503313603.948 4 192.168.12.4 TCP_MISS/200 66462 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313604.585 0 192.168.12.161 TCP_DENIED/403 3930 CONNECT ok.ru:443 - HIER_NONE/- text/html
1503313605.136 59238 192.168.12.171 TCP_TUNNEL/200 0 CONNECT mail.yandex.by:443 - HIER_DIRECT/213.180.204.125 -
1503313605.165 4018 192.168.12.51 TCP_TUNNEL/200 524 CONNECT img.tyt.by:443 - HIER_DIRECT/178.172.160.4 -
1503313605.326 4 192.168.12.4 TCP_MISS/200 67732 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313605.459 400 192.168.12.139 TCP_MISS/200 569 GET http://top-fwz1.mail.ru/tracker? - HIER_DIRECT/217.69.133.145 image/gif
1503313606.707 4 192.168.12.4 TCP_MISS/200 68668 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313607.184 4022 192.168.12.51 TCP_TUNNEL/200 524 CONNECT img.tyt.by:443 - HIER_DIRECT/178.172.160.4 -
1503313607.708 75670 192.168.12.5 TCP_TUNNEL/200 8572 CONNECT filed5-24.my.mail.ru:443 - HIER_DIRECT/185.5.137.50 -
1503313607.749 76114 192.168.12.5 TCP_TUNNEL/200 8264 CONNECT filed8-19.my.mail.ru:443 - HIER_DIRECT/185.5.137.53 -
root@server:/home/sysex# tail /var/log/squid/access.log
1503313619.486 2156 192.168.12.5 TCP_MISS_ABORTED/000 0 POST http://ocsp2.globalsign.com/gsorganizationvalsha2g2 - HIER_DIRECT/2400:cb00:2048:1::681f:4a7c -
1503313619.707 2633 192.168.12.51 TCP_TUNNEL/200 523 CONNECT img.tyt.by:443 - HIER_DIRECT/178.172.160.4 -
1503313620.191 7 192.168.12.4 TCP_MISS/200 69043 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313620.469 2240 192.168.12.5 TCP_MISS_ABORTED/000 0 POST http://ocsp2.globalsign.com/gsorganizationvalsha2g2 - HIER_DIRECT/2400:cb00:2048:1::681f:4a7c -
1503313620.954 3329 192.168.12.53 TCP_TUNNEL/200 1001 CONNECT portal.mail.ru:443 - HIER_DIRECT/94.100.180.59 -
1503313621.303 4912 192.168.12.55 TCP_TUNNEL/200 16802 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.66 -
1503313621.575 4 192.168.12.4 TCP_MISS/200 67890 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313622.215 74285 192.168.12.171 TCP_TUNNEL/200 0 CONNECT c2hit.tut.by:443 - HIER_DIRECT/178.172.160.17 -
1503313622.945 4 192.168.12.4 TCP_MISS/200 68290 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1503313622.996 60573 192.168.12.5 TCP_TUNNEL/200 440 CONNECT mycomet.my.mail.ru:443 - HIER_DIRECT/128.140.168.47 -
root@server:/home/sysex# less /var/log/squid3/cache.log
/var/log/squid3/cache.log: No such file or directory
root@server:/home/sysex# less /var/log/squid/cache.log
[1]+ Stopped less /var/log/squid/cache.log
root@server:/home/sysex# less /var/log/squid/cache.log
2017/08/21 13:58:04 kid1| Open FD UNSTARTED 448 r.mradx.net:443
2017/08/21 13:58:04 kid1| Open FD UNSTARTED 455 r.mradx.net:443
2017/08/21 13:58:04 kid1| Open FD READ/WRITE 466 Idle server: 91.149.157.185:80/www.obelarus.net
2017/08/21 13:58:04 kid1| Open FD READ/WRITE 467 Idle server: 91.149.157.185:80/rg.obelarus.net
2017/08/21 13:58:04 kid1| Open FD UNSTARTED 469 i.ytimg.com:443
2017/08/21 13:58:04 kid1| Open FD READ/WRITE 473 Idle server: 91.149.157.185:80/www.obelarus.net
2017/08/21 13:58:04 kid1| Open FD UNSTARTED 487 ad.mail.ru:443
2017/08/21 13:58:04 kid1| Squid Cache (Version 3.5.12): Exiting normally.
2017/08/21 13:58:08 kid1| Set Current Directory to /var/spool/squid
2017/08/21 13:58:08 kid1| Starting Squid Cache version 3.5.12 for x86_64-pc-linux-gnu...
2017/08/21 13:58:08 kid1| Service Name: squid
2017/08/21 13:58:08 kid1| Process ID 7344
2017/08/21 13:58:08 kid1| Process Roles: worker
2017/08/21 13:58:08 kid1| With 65535 file descriptors available
2017/08/21 13:58:08 kid1| Initializing IP Cache...
2017/08/21 13:58:08 kid1| DNS Socket created at [::], FD 6
2017/08/21 13:58:08 kid1| DNS Socket created at 0.0.0.0, FD 7
2017/08/21 13:58:08 kid1| Adding nameserver 80.94.160.2 from squid.conf
2017/08/21 13:58:08 kid1| Adding nameserver 80.94.160.3 from squid.conf
2017/08/21 13:58:08 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2017/08/21 13:58:08 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2017/08/21 13:58:08 kid1| Unlinkd pipe opened on FD 15
2017/08/21 13:58:08 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2017/08/21 13:58:08 kid1| Store logging disabled
2017/08/21 13:58:08 kid1| Swap maxSize 51454976 + 262144 KB, estimated 3978240 objects
2017/08/21 13:58:08 kid1| Target number of buckets: 198912
2017/08/21 13:58:08 kid1| Using 262144 Store buckets
2017/08/21 13:58:08 kid1| Max Mem size: 262144 KB
2017/08/21 13:58:08 kid1| Max Swap size: 51454976 KB
2017/08/21 13:58:08 kid1| Rebuilding storage in /var/spool/squid (clean log)
2017/08/21 13:58:08 kid1| Using Least Load store dir selection
2017/08/21 13:58:08 kid1| Set Current Directory to /var/spool/squid
2017/08/21 13:58:08 kid1| Finished loading MIME types and icons.
2017/08/21 13:58:08 kid1| HTCP Disabled.
2017/08/21 13:58:08 kid1| Pinger socket opened on FD 21
2017/08/21 13:58:08 kid1| Squid plugin modules loaded: 0
2017/08/21 13:58:08 kid1| Adaptation support is off.
2017/08/21 13:58:08 kid1| Accepting HTTP Socket connections at local=192.168.12.4:3128 remote=[::] FD 18 flags=9
2017/08/21 13:58:08 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=192.168.12.4:3129 remote=[::] FD 19 flags=41
2017/08/21 13:58:08| pinger: Initialising ICMP pinger ...
2017/08/21 13:58:08| pinger: ICMP socket opened.
2017/08/21 13:58:08| pinger: ICMPv6 socket opened
2017/08/21 13:58:08| Pinger exiting.
2017/08/21 13:58:08 kid1| Store rebuilding is 34.06% complete
2017/08/21 13:58:08 kid1| Done reading /var/spool/squid swaplog (11743 entries)
2017/08/21 13:58:08 kid1| Finished rebuilding storage from disk.
2017/08/21 13:58:08 kid1| 11743 Entries scanned
2017/08/21 13:58:08 kid1| 0 Invalid entries.
2017/08/21 13:58:08 kid1| 0 With invalid flags.
2017/08/21 13:58:08 kid1| 11743 Objects loaded.
2017/08/21 13:58:08 kid1| 0 Objects expired.
2017/08/21 13:58:08 kid1| 0 Objects cancelled.
2017/08/21 13:58:08 kid1| 0 Duplicate URLs purged.
2017/08/21 13:58:08 kid1| 0 Swapfile clashes avoided.
2017/08/21 13:58:08 kid1| Took 0.11 seconds (108490.39 objects/sec).
2017/08/21 13:58:08 kid1| Beginning Validation Procedure
2017/08/21 13:58:08 kid1| Completed Validation Procedure
2017/08/21 13:58:08 kid1| Validated 11743 Entries
2017/08/21 13:58:08 kid1| store_swap_size = 222712.00 KB
2017/08/21 13:58:09 kid1| storeLateRelease: released 0 objects
# squid.conf for an explicit HTTP proxy plus an intercepting HTTPS port, with
# per-group access lists and delay pools. Lines marked NOTE(review) point at
# things to verify against the running configuration.

# Resolvers Squid queries itself, instead of the ones in /etc/resolv.conf.
# NOTE(review): this listing has no dns_v4_first directive; the thread reports
# that adding `dns_v4_first on` resolved the slow page loads.
dns_nameservers 80.94.160.2 80.94.160.3
# Upper bound on how long open connections are kept alive during shutdown.
shutdown_lifetime 2 seconds
# CONNECT tunnels are only permitted to port 443 (enforced further down).
acl SSL_ports port 443
# Destination ports clients may reach through the proxy. The 1025-65535 range
# admits every unprivileged port.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# The client LAN.
acl local src 192.168.12.0/24
# Define 3 client groups (hard_ban - mail only; medium_ban - the whole internet ...
# (the original comment is cut off at this point in the paste).
# Each group is a list of client addresses read from a file.
acl hard_ban src "/etc/squid/hard_ban"
acl medium_ban src "/etc/squid/medium_ban"
acl light_ban src "/etc/squid/light_ban"
# Lunch-break time windows.
# NOTE(review): `time0` and `time1` are not ACL types I recognise (the standard
# type is `time`), and the http_access rules below use the names
# time_restriction0 / time_restriction2, which are not defined in this listing.
# The number suffix may have ended up on the wrong word - confirm.
acl time_restriction time0 6:00-8:00
acl time_restriction time 13:00-13:45
acl time_restriction time1 17:00-19:00
# Load the lists (blacklist - entertainment; whitelist - mail only ...
# (the original comment is cut off at this point in the paste).
# NOTE(review): the url_regex ACLs `blacklist` and `whitelist` are not referenced
# by any http_access rule in this listing; only the dstdom_regex variants are.
acl blacklist url_regex -i "/etc/squid/blacklist"
acl whitelist url_regex -i "/etc/squid/whitelist"
acl blacklisthttps dstdom_regex -i "/etc/squid/blacklisthttps"
acl whitelisthttps dstdom_regex -i "/etc/squid/whitelisthttps"
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom and the first match decides.
# All ACLs named on one line must match for that rule to apply.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# NOTE(review): `allow manager` carries no source ACL, so any client whose
# request reaches this rule may query the cache manager (the access.log in the
# thread shows cache_object://localhost/active_requests being fetched), and the
# `deny manager` line after it can never match. Pair the allow with a source
# ACL for the admin or monitoring host so the deny takes effect for everyone else.
http_access allow manager
http_access deny manager
#http_access allow localhost
# Rules for the lists:
# hard_ban clients get only whitelisthttps destinations, medium_ban clients get
# everything except blacklisthttps, light_ban clients get everything.
http_access allow whitelisthttps hard_ban
http_access allow medium_ban !blacklisthttps
http_access allow light_ban
# Rule for the lunch break: any LAN client is allowed inside the time windows.
# NOTE(review): time_restriction0 and time_restriction2 have no matching acl
# definition above - see the note on the time ACLs.
http_access allow local time_restriction0
http_access allow local time_restriction
http_access allow local time_restriction2
# Everyone else is cut off.
http_access deny all
# Bandwidth limiting.
# Create the pools: two class-2 pools (an aggregate bucket plus per-client
# buckets). Pool 1 applies to light_ban; pool 2 to medium_ban and hard_ban.
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 allow light_ban
delay_access 1 deny all
delay_access 2 allow medium_ban
delay_access 2 allow hard_ban
delay_access 2 deny all
# Format: pool  aggregate restore/max  individual restore/max (bytes).
delay_parameters 1 900000/900000 800000/800000
delay_parameters 2 600000/600000 400000/400000
# Explicit (client-configured) proxy port.
http_port 192.168.12.4:3128
# Port for NAT-intercepted HTTPS traffic.
# NOTE(review): no key= option is given, so Squid presumably expects the CA
# private key inside squidCA.pem as well; keep that file readable only by root
# and the Squid user.
https_port 192.168.12.4:3129 intercept ssl-bump cert=/etc/squid/squidCA.pem
# Peek at the TLS handshake, then splice: connections are tunnelled and, as far
# as these two rules show, never decrypted.
ssl_bump peek all
ssl_bump splice all
# Certificate generation helper and its on-disk database.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
coredump_dir /var/spool/squid
# Freshness heuristics: pattern, minimum age (minutes), percent, maximum age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# Squid uses the system hosts file.
hosts_file /etc/hosts
Закрыто.
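Не хватало директивы dns_v4_first on в конфиге. Судя по access.log выше, без неё Squid (здесь версия 3.5.12) шёл к сайтам с двумя типами адресов по IPv6 (запросы TCP_MISS_ABORTED/000 на HIER_DIRECT/2400:cb00:2048:1::681f:4a7c), а с dns_v4_first on он сначала пробует IPv4-адреса.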