[squid-users] 3.5.4 Can't access Google or Yahoo SSL pages

[Jason Haar]

On 04/05/15 20:53, Chris Palmer wrote:
> There has been a change in behaviour in 3.5.4. It now really does
> prefer to contact a site using an ipv6 address rather than a v4. The
> network stack here doesn't permit v6 so the traffic to sites such as
> google was failing. Setting the following restored the previous
> behaviour:
>
> dns_v4_first on

As far as I'm aware squid won't try to use ipv6 unless your server has a
Global address, so that shouldn't be needed? Also, wouldn't squid simply
treat that as a DNS name that resolves to a bunch of addresses, so as
long as the IPv6 addresses fail to connect at all, it should have still
ended up succeeding with ipv4 addresses?

Finally, I'm running squid-3.5.4, don't have ipv6 (just like everyone
else, I still do have the standard fe80:xxx ipv6 link local address) and
google.com works just fine without "dns_v4_first" - which implies my
statements above are correct

ie this smells like you actually do have ipv6 enabled, but it's broken
in some subtle way (like the pmtu issue Amos mentioned)

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1