[squid-users] confused over ipv6 failing on ipv4-only network

Jason Haar Jason_Haar at trimble.com
Wed Jan 6 06:29:39 UTC 2016


On 06/01/16 17:39, Amos Jeffries wrote:
> On 6/01/2016 5:04 p.m., Jason Haar wrote:
>> Hi there
>>
>> Weird - several times in the past couple of months I have found I cannot
>> get to http://wiki.squid-cache.org/ - I get the error below from my
>> squid-3.5.11 server which does not have a Global ipv6 address (it has a
>> Local ipv6/fe80: on the Ethernet card - but nothing else). Google.com
>> (which is fully ipv6 capable) works fine - so far only
>> wiki.squid-cache.org has shown up this way to me (ie I don't see this
>> error message.
>>
>> On the squid server, "dig a" shows valid ipv4 addresses and "dig aaaa"
>> shows the ipv6 address - but why is squid even trying to connect over
>> ipv6 If doesn't have an ipv6 address?
>>
>> Could this be a case of the "A" record failing to return fast enough,
>> forcing squid to only try ipv6 - which then leads to the error message
>> referring to the ipv6 address?
> Squid waits for both A and AAAA before continuing after DNS lookup. The
> only way to get only IPv6 results is for your DNS server to produce no A
> results at all. Timeout _could_ do that, but the default is 30 sec so
> unlikely.

I think that must be the case, because when I saw the problem this
morning, I immediately ssh'ed into the squid server and nslookup showed
it was resolving the name to it's A record just fine (by then) - and
telnet-ing to the IPv4 address was fine too. So it must have either
timed out on the A lookups (but not the AAAA records), or the DNS server
didn't return A records at all? I don't think there's a way to query
squid to see what it's current DNS cache is? That would definitively
answer that question


> The Squid wiki is dual-stacked with IPv4 addresses. Sice you have
> v4-only network the thing to do is find out why the IPv4 are not
> working for your Squid. 

Well yeah  - but I frankly don't see this on any other website (like
google.com) - just wiki.squid-cache.org - so I think there's something
going on between those DNS servers and my squid server sitting on a
SPARK NZ network
> This just means that IPv6 was the *last* thing tried. It is entirely
> probable that IPv4 were tried first and also failed. Particularly if you
> have dns_v4_first turned on.

No - I don't have dns_v4_first defined at all - so that should be trying
both ipv4 and ipv6 if both DNS records were available.

>
> NP: if you have dns_v4_first off (default) then the error message should
> say some IPv4 failed. Since it gets tried last.
Well that isn't happening - which is why I suspect I'm not getting any
"A" records back at all (or very late). Sadly this isn't repeatable at
will - right now the wiki is working fine


-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



More information about the squid-users mailing list