Squid not resolving a particular URL

domain-name-system squid

I've seen this question asked many times on serverfault (and other places), but have not found a solution.

I'm using Squid version 3.1.19 standard Ubuntu 12.04 package.

I get the following error in a browser:

The following error was encountered while trying to retrieve the URL: http://www.standardandpoors.com/home/en/us

Unable to determine IP address from host name www.standardandpoors.com

The DNS server returned:

Name Error: The domain name does not exist.

This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

From the proxy server I can resolve the address just fine.

access.log error: 1361372441.048 216 10.0.0.5 TCP_MISS/503 4907 GET http://www.standardandpoors.com/home/en/us - DIRECT/www.standardandpoors.com text/html

For some reason it does not seem to be resolving, and the DIRECT peering code is showing the hostname instead of the IP. IPs do show up on every other request.
log_ip_on_direct is on.

I've tried disabling caching, explicitly using the dns_nameservers directive, even putting the host in /etc/hosts. Any help is appreciated!

I discovered that when I use a public DNS with dns_nameservers (I tried with 8.8.8.8) the IP resolves and I don't get a Squid error. I can't use a public DNS for intranet etc., so it's not a solution. Also, as I mentioned before, it resolves with nslookup.

Another strange thing is that a packet capture when trying to browse with a browser on the server not going through the proxy shows:
DNS Standard query response, No such name

A capture when doing an nslookup from the same server shows:
DNS Standard query response A 204.8.132.217

EDIT: Using the WinGate proxy with the same local DNS servers works.

Best Answer

Delegation of the zone "www.standardandpoors.com" (note the zone begins www) is broken.

The servers for standardandpoors.com say there are two name servers for www.

These two servers answer for A requests but not for "NS" requests, or other requests - despite claiming to be BIND 9.4.3-P3. They answer for SOA requests for the parent domain.

I assume either some sort of load balancer (I've seen them broken like this before), or just the normal borked nature of many DNS delegations. BIND 9 seems to handle this form of borked delegation adequately.

As others asked - what name servers are not handling this well? Are you messing with forwarding, or slaving zones, or similar internally?
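The pattern described in the answer (a delegated name server that answers A queries but fails other types) can be checked per server. The sketch below is an added example, not part of the original answer: all function names are hypothetical, the sample replies are constructed header-only packets, the NXDOMAIN reply for NS is an assumed failure mode, and the server address in the commented live call is a documentation-range placeholder.

```python
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Encode a non-recursive (RD=0) question, as sent to an authoritative server."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", QTYPE[qtype], 1)

def summarize(response):
    """Return (rcode name, answer count); a missing reply counts as TIMEOUT."""
    if response is None or len(response) < 12:
        return ("TIMEOUT", 0)
    _, flags, _, ancount, _, _ = struct.unpack("!6H", response[:12])
    return (RCODE.get(flags & 0xF, str(flags & 0xF)), ancount)

def ask(server_ip, name, qtype, timeout=3.0):
    """Send one UDP query to server_ip; return raw reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server_ip, 53))
            return s.recv(4096)
        except OSError:  # includes socket.timeout
            return None

def broken_types(responses):
    """Given {qtype: raw reply}, list the types that fail although A succeeds."""
    results = {t: summarize(r) for t, r in responses.items()}
    rcode, count = results.get("A", ("TIMEOUT", 0))
    if rcode != "NOERROR" or count == 0:
        return []  # A itself fails: a different problem from the one described
    return sorted(t for t, (rc, _) in results.items() if t != "A" and rc != "NOERROR")

def fake_reply(rcode, ancount):
    """Constructed 12-byte reply header (QR=1, AA=1) for offline demonstration."""
    return struct.pack("!6H", 0x1234, 0x8400 | rcode, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed replies imitating the answer's pattern: A works, NS does not.
    sample = {"A": fake_reply(0, 1), "NS": fake_reply(3, 0)}
    print(broken_types(sample))
    # Live use (placeholder address, substitute each delegated name server):
    # live = {t: ask("192.0.2.53", "www.standardandpoors.com", t) for t in QTYPE}
```

Running the live variant against each delegated server and against the internal resolver shows which hop turns the inconsistent answers into "No such name".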