[squid-users] Squid 3.5 TAG_NONE/503 HIER_NONE
Amos Jeffries
squid3 at treenet.co.nz
Wed May 23 06:11:10 UTC 2018
On 23/05/18 06:30, Rejaine Monteiro wrote:
> has now worked after inserting this parameter:
>
> dns_v4_first on
>
> the strange thing is that I had tried this parameter before, but it
> had not worked (maybe I did something wrong)
>
That directive is a workaround for IPv6 or ICMP misconfiguration on your
network or one of those which exist between your Squid and the IPv6
origin servers for those domains. Whether it works or not is dependent
on the state of the Internet - which can be quite volatile.
If you have disabled IPv6 please ensure that your method if disabling is
firewall reject rules with appropriate ICMPv6 responses rather than
kernel hacks or dropping packets. A lot of old texts says things like
disabling kernel modules or interfaces does it - they are wrong. All
that does is break IPv6 on the relevant machine, which can result in
this type of behaviour for software like Squid following IP handling
requirements.
If you have disabled all ICMP traffic on your network please fix that.
ICMP is not an optional protocol and admin blocking it in firewalls can
cause major problems when IPv6 relies on it for routing. Specifically
for MTU detection:
<https://tools.ietf.org/html/rfc4890>
<https://sites.google.com/site/ipv6center/icmpv6-is-non-optional>
If you are able to track the IPv6 issue down to a network beyond yours
please help everyone if you can by contacting the relevant admin and
trying to get them to fix their network.
Cheers
Amos
More information about the squid-users
mailing list