[squid-users] Squid not failing over to secondary DNS host
Amos Jeffries
squid3 at treenet.co.nz
Mon Oct 16 14:22:32 UTC 2017
On 16/10/17 20:24, Geoffrey wrote:
> Hello Amos
>
>> Do you have ICMP and ICMPv6 working in your network? If not that is probably part of the issue.
>
> AND
>
>> Are you using DROP rules or policies in your firewalls? That can also lead to missing packets like this.
>
> You may be getting warm. I have IPv6 disabled on the proxy server
> (kernel), but more interestingly I notice that the Windows System
> Admin has a bunch of ICMP ingress block rules on the Windows DNS
> servers.
>
> What ICMP does Squid (or is it the pinger involved?) require for DNS
> to fail over? I will have to ask the Windows Admin to make the changes
> via group policy, as I cannot modify.
>
pinger uses ICMP echo, so that is optional.
The other parts of ICMP, which control TCP routing, path MTU, IP
discovery / ARP and such things, are critical.
See <https://tools.ietf.org/html/rfc4890> for guidelines
and <https://sites.google.com/site/ipv6center/icmpv6-is-non-optional>
for a case study on why those guidelines need to be followed.
Amos