Ubuntu
squid package

Setting squid's udp_incoming_address address to 127.0.0.1 stop its DNS requests working

Bug #239302 reported by Ralph Corderoy
4
Affects Status Importance Assigned to Milestone
squid (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: squid

Ubuntu 8.04, squid 2.6.18-1ubuntu3.

By default, squid was listening for TCP connections and UDP packets on
all interfaces. This can be checked with

    sudo netstat -tulep | grep -i squid

I wanted to make listen only on localhost for incoming HTTP connections
on port 3128, the default port, and also only send and receive on
localhost for inter-squid ICP packets since I've no other squids to talk
to.

Editing /etc/squid/squid.conf to set `http_port localhost:3128' worked
for the TCP port.

Setting `udp_incoming_address 127.0.0.1' did cause the UDP listening
socket(s) to be only on that interface, but also caused squid to stop
proxying. /var/log/squid/cache.log has pairs of lines, several for each
incoming request.

    2008/06/11 21:45:00| comm_udp_sendto: FD 6, 212.159.6.10, port 53: (22) Invalid argument
    2008/06/11 21:45:00| idnsSendQuery: FD 6: sendto: (22) Invalid argument

strace(8) confirmed that squid was attempting DNS lookups on the
request's host but sendto(2) was returning EINVAL. lsof(8) can be used
to confirm that the DNS request is trying to be sent to my ISPs DNS
server through a UDP socket bound to the loopback interface. The socket
used by idnsSendQuery() for DNS requests is initialised in
src/dns_internal.c's idnsInit().

    if (DnsSocket < 0) {
        int port;
        struct in_addr addr;
        if (Config.Addrs.udp_outgoing.s_addr != no_addr.s_addr)
            addr = Config.Addrs.udp_outgoing;
        else
            addr = Config.Addrs.udp_incoming;
        DnsSocket = comm_open(SOCK_DGRAM,
            IPPROTO_UDP,
            addr,
            0,
            COMM_NONBLOCKING,
            "DNS Socket");

By default, Config.Addrs.udp_outgoing is 255.255.255.255 (no_addr) and
Config.Addrs.udp_incoming is 0.0.0.0. This means the DNS socket is
opened on 0.0.0.0, all interfaces, so sendto() to the DNS server works
wherever it is. By setting `udp_incoming_address 127.0.0.1', I've made
squid send UDP DNS requests out of 127.0.0.1 destined for the Internet;
EINVAL.

It should be possible to specify a new `dns_outgoing_address' config
item separately and have that default to 0.0.0.0. At it stands, I have
to have squid sitting on the Internet, listening for UDP packets from
the Internet, when it doesn't need them.

Having found the problem, I find it was known about in 2003.

    http://www.squid-cache.org/mail-archive/squid-users/200301/0676.html

I really think this needs addressing. It's more reassuring to have
servers listening on as few interfaces as necessary.

Revision history for this message
ledestin (ledestin) wrote :

Is there a reason you're not using udp_outgoing_address? Solved the problem for me.

Revision history for this message
Jeff Enns (cyberpenguinks) wrote :

I've noticed this bug report is stale without any recent updates. Is this still and issue? Let me know any I can try to help you. Thank you.

Changed in squid (Ubuntu):
status: New → Invalid
Revision history for this message
Darren VanBuren (onekopaka) wrote :

I was having a similar problem (not on Ubuntu though) but changing udp_outgoing_address did help.

Thanks to ledestin for that suggestion.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.