Re: squid3-ipv6 squid3/src cf.data.pre,1.68.2.40,1.68.2.41 dns_internal.cc,1.15.6.29,1.15.6.30 structs.h,1.66.2.32,1.66.2.33

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 10 Oct 2007 00:10:02 -0600

Interesting! I'd suggest leaving it on by default though and logging statistics
showing the number of requests which had an IPv6 reply but couldn't be connected
to, but could be connected to via IPv4.

You want IPv6 support to be as transparent and functional as possible out of
the box so people don't just disable IPv6 at the first sign of instability.

Adrian

On Wed, Oct 10, 2007, Amos Jeffries wrote:
> Update of cvs.devel.squid-cache.org:/cvsroot/squid/squid3/src
>
> Modified Files:
> Tag: squid3-ipv6
> cf.data.pre dns_internal.cc structs.h
> Log Message:
> Following DNS best-practice will cause squid to deny some possible requests
>
> Can be caused by two things:
> 1) The tunnel / IPv6 access is down.
> 2) The remote server is broken. Advertising web service on a domain
> that resolves to addresses which can't accept it.
>
> This adds a slightly nasty option "dns_v4_fallback" ("on" or "off") which
> will force squid to break the standards and do both A and AAAA requests.
>
> pro: it seamlessly recovers from some IPv6 breakages in the local network.
> or at least hides the error from clients and converts to IPv4.
>
> cons:
> doubles the DNS queries per request that squid does.
> will start using all IPv4 and IPv6 addresses as equal in its IP balancing.
> (standards behaviour is to prefer IPv6 when given, ignoring IPv4).
>
> Default for this is OFF by design and should stay that way.
> I leave it to individual admin to turn on if they judge their network
> fundamentally unfixable enough to warrant it.
>
>
> Index: structs.h
> ===================================================================
> RCS file: /cvsroot/squid/squid3/src/structs.h,v
> retrieving revision 1.66.2.32
> retrieving revision 1.66.2.33
> diff -C2 -d -r1.66.2.32 -r1.66.2.33
> *** structs.h 6 Oct 2007 15:17:07 -0000 1.66.2.32
> --- structs.h 10 Oct 2007 00:51:42 -0000 1.66.2.33
> ***************
> *** 547,550 ****
> --- 547,551 ----
> int httpd_suppress_version_string;
> int global_internal_static;
> + int dns_require_A;
> }
>
>
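
Review bot: The new field `dns_require_A` carries no comment, and its name does not match the directive it backs, `dns_v4_fallback` (see the `LOC:` line in the cf.data.pre hunk). Either align the two names or add a one-line comment here naming the directive, so that a search for the directive name leads to the flag that dns_internal.cc tests.
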
> Index: dns_internal.cc
> ===================================================================
> RCS file: /cvsroot/squid/squid3/src/dns_internal.cc,v
> retrieving revision 1.15.6.29
> retrieving revision 1.15.6.30
> diff -C2 -d -r1.15.6.29 -r1.15.6.30
> *** dns_internal.cc 7 Aug 2007 08:44:47 -0000 1.15.6.29
> --- dns_internal.cc 10 Oct 2007 00:51:41 -0000 1.15.6.30
> ***************
> *** 1001,1011 ****
>
> #if USE_IPV6
> ! if(n <= 0 && q->need_A)
> {
> /* ERROR or NO AAAA exist. Failover to A records. */
> if(n == 0)
> debugs(78, 3, "idnsGrokReply: " << q->name << " has no AAAA records. Looking up A record instead.");
> ! else
> debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query failed. Trying A now instead.");
>
> idnsDropMessage(message, q);
> --- 1001,1013 ----
>
> #if USE_IPV6
> ! if(q->need_A && (Config.onoff.dns_require_A == 1 || n <= 0 ) )
> {
> /* ERROR or NO AAAA exist. Failover to A records. */
> if(n == 0)
> debugs(78, 3, "idnsGrokReply: " << q->name << " has no AAAA records. Looking up A record instead.");
> ! else if(q->need_A)
> debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query failed. Trying A now instead.");
> + else // admin requested this.
> + debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query done. Configured to retrieve A now also.");
>
> idnsDropMessage(message, q);
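
Review bot: The final `else` in the new block is unreachable: the outer test already requires `q->need_A`, so `else if(q->need_A)` is always taken whenever `n != 0`. With `dns_v4_fallback` on and a successful AAAA reply (`n > 0`), the debug line therefore reports "AAAA query failed. Trying A now instead." and the "Configured to retrieve A now also." message is never printed. Testing `else if(n < 0)` would separate the failure case from the admin-requested one. The block comment "ERROR or NO AAAA exist. Failover to A records." also no longer describes the `n > 0` path and should be updated with it.
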
> ***************
> *** 1448,1451 ****
> --- 1450,1454 ----
> }
>
> + /* PTR does not do inbound A/AAAA */
> q->need_A = false;
>
>
> Index: cf.data.pre
> ===================================================================
> RCS file: /cvsroot/squid/squid3/src/cf.data.pre,v
> retrieving revision 1.68.2.40
> retrieving revision 1.68.2.41
> diff -C2 -d -r1.68.2.40 -r1.68.2.41
> *** cf.data.pre 30 Sep 2007 16:13:29 -0000 1.68.2.40
> --- cf.data.pre 10 Oct 2007 00:51:41 -0000 1.68.2.41
> ***************
> *** 5035,5038 ****
> --- 5035,5058 ----
> DOC_END
>
> + NAME: dns_v4_fallback
> + TYPE: onoff
> + DEFAULT: off
> + LOC: Config.onoff.dns_require_A
> + DOC_START
> + Standard practice with DNS is to lookup either A or AAAA records
> + and use the results if it succeeds. Only looking up the other if
> + the first attempt fails or otherwise produces no results.
> + By default squid internal DNS follows that policy.
> +
> + That policy however will cause squid to produce error pages for some
> + servers that advertise AAAA but are unreachable over IPv6.
> +
> + Turning this ON will force squid to always lookup both AAAA and A.
> +
> + WARNING: There are some possibly unwanted side-effects with this on:
> + *) Doubles the load placed by squid on the DNS network.
> + *) May negatively impact connection delay times.
> + DOC_END
> +
> NAME: ipcache_size
> COMMENT: (number of entries)
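
Review bot: The WARNING list in the new DOC text omits a side-effect that the log message names: with this option on, IPv4 and IPv6 addresses are treated as equal in IP balancing instead of IPv6 being preferred. That changes which address family outbound connections use, so it belongs next to the DNS-load and connection-delay bullets. The name `dns_v4_fallback` also reads as fallback-only while the text says squid will "always lookup both AAAA and A"; stating that difference in the first paragraph would keep the name from misleading admins.
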
Received on Wed Oct 10 2007 - 00:10:04 MDT