- Red Hat Enterprise Linux (RHEL) 7
- Is there a fix in the Red Hat distributed squid for the upstream
squidbug #4007 Hang on DNS query with dead-end CNAME?
- We are observing unexpected CLOSE_WAIT connections after telnet quit:
# netstat -natp tcp6 1 0 ::1:8080 ::1:4285 CLOSE_WAIT - $ /usr/bin/squidclient -p 8080 mgr:active_requests ... Connection: 0x565477e1ee28 FD 33, read 46, wrote 0 FD desc: Reading next request in: buf 0x56547877c640, used 0, free 39 remote: [::1]:4285 local: [::1]:8080 nrequests: 1 uri www.example.com:443 logType TAG_NONE out.offset 0, out.size 0 req_sz 46 entry (nil)/N/A start 1534921819.179745 (707.093529 seconds ago) username - delay_pool 0
squid-3.5.20-12.el7_6.1 shipped with
7.6.Z Stream Advisory RHBA-2019:0181 or newer.
Previously, if a host was requested with a Canonical Name (
CNAME) record that did not point to an
IP address, the squid server did not terminate the connection. Consequently, the connection became unresponsive. This bug has been fixed, and squid now closes the connection immediately in the described scenario.
When given a host with a CNAME pointing to no address the connection hangs forever with the following in the log:
18:01:01 kid1| ipcacheParse: No Address records in response to 'example.com' 18:05:15 kid1| ipcacheParse: No Address records in response to 'example.com'
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.