Jan Houtsma wrote:
> Op 10-3-2010 1:44, Amos Jeffries schreef:
>> On Tue, 09 Mar 2010 21:42:42 +0100, Jan Houtsma <list_at_houtsma.net> wrote:
>>
>>> Op 9-3-2010 21:37, Henrik Nordström schreef:
>>>
>>>> tis 2010-03-09 klockan 19:49 +0100 skrev Jan Houtsma:
>>>>
>>>>
>>>>
>>>>> Yes. The wget was from the squid server itself where using the proxy
>>>>>
>> it
>>
>>>>> fails, and using direct internet connection it works.
>>>>>
>>>>>
>>>> What does access.log say when it fails? Do the reported server address
>>>> match what you expect it to be for the requested host?
>>>>
>>>>
>>> 1268167273.909 250 192.168.1.16 TCP_MISS/503 4234 GET
>>> http://www.google.com/ - DIRECT/www.google.com text/html
>>>
>>>
>>>>
>>>>
>>>>> So when squid is forwarding the http-GET request it fails. But when
>>>>>
>> wget
>>
>>>>> itself sends the http-GET request it works.
>>>>>
>>>>>
>>>> Perhaps time to fire up wireshark to look at the traffic..
>>>>
>>>> The error message received is very low level.. squid could not even
>>>>
>> open
>>
>>>> the TCP connection to the server.
>>>>
>>>> Regards
>>>> Henrik
>>>>
>>>>
>>> Yea, will do that
>>>
>> That log trace you showed had Squid attempting and failing to connect to
>> IPv6-google.
>> I would suspect a v6 routing failure here. Squid-3.1 has known bugs with
>> failover to IPv4 if IPv6 fails on a mixed-IP domain.
>> Does the wget direct test you made from the Squid box use google IPv6
>> addresses for its succeeding connection?
>>
>> Amos
>>
>
> Hi,
>
> I agree! Then how can i prevent this? I also noticed mixed AAAA and A
> records coming back from the resolver in the tcpdump traces. Is quid
> confused? But i don't know if that could be the reason that squid fails
> and succeeds when i press ^R within a few seconds after the first
> failure..... If that is IP-v6 related what should i do? I guess i am not
> the only person in the world that is using squid v3.1 on a fedora box. I
> think it's strange that only i seem to have this symptom? It also only
> started recently. Can it be that google made changed in DNS or that
> squid was updated via yum? I do see squid was updated on both march 28
> and on march 5 on my box.
>
> Nov 25 20:39:57 Updated: 7:squid-3.0.STABLE10-1.fc10.x86_64
> Dec 22 22:03:18 Updated: 7:squid-3.0.STABLE10-3.fc10.x86_64
> Feb 28 16:19:57 Updated: 7:squid-3.1.0.16-6.fc12.x86_64
> <----- Google problem started to happen here???
> Mar 05 14:38:11 Updated: 7:squid-3.1.0.17-3.fc12.x86_64
>
> It could well be that it started on feb 28 when squid was bumped up to
> version 3.1??
>
Most likely. 3.1 adds IPv6 support where 3.0 would not even try to use
it. Henrik is the one who would know if the "-3" patched package fixes
the related issues from 3.1.0.16.
I more suspect some blockage somewhere in the network, however. Squid is
getting "cannot connect", which indicates something like a firewall or
tunnel PMTU issue between Squid and google.
The squid internal issues I know of tend to show up as "cannot assign
address", or "family not supported", or trying to contact a mangled
v4-mapped address.
FWIW: We are happily receiving Google IPv6 here with the code about to
be released as 3.1.0.18. Available in daily snapshots now.
Amos
-- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24 Current Beta Squid 3.1.0.17Received on Wed Mar 10 2010 - 08:12:14 MST
This archive was generated by hypermail 2.2.0 : Wed Mar 10 2010 - 12:00:03 MST