[squid-users] squid-5.4 blocking on ipv6 outage

[Jason Haar]

Hi there

I've noticed that the Internet ipv6 is not quite as reliable as ipv4, in
that squid reports it cannot connect to web servers with an ipv6 error when
the web server is still available over ipv4.

eg right now one of our Internet-based web apps (which has 2 ipv6 and 2
ipv4 IP addresses mapped to it's DNS name) is not responding over ipv6 for
some reason (I dunno - not involved myself) - but is working fine over
ipv4. Squid-5.4 is erroring out - saying that it cannot connect to the
first ipv6 address with a "no route to host" error. But if I use good-ol'
telnet to the DNS name, telnet shows it trying-and-failing against both
ipv6 addresses and then succeeds against the ipv4. ie it works and squid
doesn't. BTW the same squid server is currently fine with ipv6 clients
talking to it and it talking over ipv6 to Internet hosts like google.com -
ie this is an ipv6 outage on one Internet host where it's ipv4 is still
working.

This doesn't seem like a negative_dns_ttl setting issue, it seems like
squid just tries one address on a multiple-IP DNS record and stops trying?
I even got tcpdump up and can see that when I do a "shift-reload" on the
webpage, squid only sends a few SYN packets to the same non-working IPv6
address - it doesn't even try the other 3 IPs?

I also checked squidcachemgr.cgi and the DNS record isn't even cached in
"FQDN Cache Stats and Contents", which I guess is consistent with it's
opinion that it's not working.

Any ideas what's going on there? thanks!

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220221/594bbf09/attachment.htm>