[squid-users] squid-5.4 blocking on ipv6 outage
Alex Rousskov
rousskov at measurement-factory.com
Mon Feb 21 14:16:50 UTC 2022
On 2/20/22 20:43, Jason Haar wrote:
> I've noticed that the Internet ipv6 is not quite as reliable as ipv4, in
> that squid reports it cannot connect to web servers with an ipv6 error
> when the web server is still available over ipv4.
>
> eg right now one of our Internet-based web apps (which has 2 ipv6 and 2
> ipv4 IP addresses mapped to it's DNS name) is not responding over ipv6
> for some reason (I dunno - not involved myself) - but is working fine
> over ipv4. Squid-5.4 is erroring out - saying that it cannot connect to
> the first ipv6 address with a "no route to host" error. But if I use
> good-ol' telnet to the DNS name, telnet shows it trying-and-failing
> against both ipv6 addresses and then succeeds against the ipv4. ie it
> works and squid doesn't. BTW the same squid server is currently fine
> with ipv6 clients talking to it and it talking over ipv6 to Internet
> hosts like google.com <http://google.com> - ie this is an ipv6 outage on
> one Internet host where it's ipv4 is still working.
>
> This doesn't seem like a negative_dns_ttl setting issue, it seems like
> squid just tries one address on a multiple-IP DNS record and stops
> trying? I even got tcpdump up and can see that when I do a
> "shift-reload" on the webpage, squid only sends a few SYN packets to the
> same non-working IPv6 address - it doesn't even try the other 3 IPs?
>
> I also checked squidcachemgr.cgi and the DNS record isn't even cached in
> "FQDN Cache Stats and Contents", which I guess is consistent with it's
> opinion that it's not working.
>
> Any ideas what's going on there? thanks!
Squid is supposed to send both A and AAAA DNS queries for the uncached
domain and then try the first IP it can DNS-resolve and TCP-connect to.
If that winning destination does not work at HTTP level, then Squid may,
in some cases, try other destinations. There are lots of variables and
nuances related to the associated Happy Eyeballs and reforwarding
algorithms. It is impossible to say for sure what is going on in your
specific case without more information.
Your best bet may be to share an ALL,9 cache.log that reproduces the
problem using a single isolated test transaction:
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
HTH,
Alex.
More information about the squid-users
mailing list