Re: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

From: Petter Abrahamsson <petter_at_jebus.nu>
Date: Tue, 12 Feb 2013 12:01:27 -0500

Christian,

This sounds very similar to what I have seen with a few sites.
My solution was to add the problematic domains to /etc/hosts (only ipv4
address) and restart squid. I'm not proud or happy about this solution but
it does the trick for me.

Kind regards,
/petter

On Tue, Feb 12, 2013 at 5:36 AM, Sandrini Christian (xsnd) <xsnd_at_zhaw.ch> wrote:
> That is what I guessed as well. But we can not control their DNS and the "solution" so far was not to check for AAAA records. It is silly for one domain but it is a quite important one that is used a lot.
>
> Not sure if there are any alternatives? I thought that squid 3.2 is doing parallel lookups to AAAA and A records?
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Tuesday, 12 February 2013 10:54
> To: squid-users_at_squid-cache.org
> Subject: Re: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?
>
> On 12/02/2013 8:41 p.m., Sandrini Christian (xsnd) wrote:
>> Hi
>>
>> I have now enabled ipv6
>>
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>> link/ether 00:50:56:a6:07:27 brd ff:ff:ff:ff:ff:ff
>> inet 160.85.104.14/24 brd 160.85.104.255 scope global eth1
>> inet6 fe80::250:56ff:fea6:727/64 scope link
>> valid_lft forever preferred_lft forever
>>
>> When I dig for AAAA record to ipv6.idrobot.net I don't get a timeout
>>
>> dig AAAA ipv6.idrobot.net
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> AAAA ipv6.idrobot.net
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34596
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;ipv6.idrobot.net. IN AAAA
>>
>> ;; AUTHORITY SECTION:
>> net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1360654692 1800 900 604800 86400
>>
>> ;; Query time: 17 msec
>> ;; SERVER: 160.85.192.100#53(160.85.192.100)
>> ;; WHEN: Tue Feb 12 08:38:40 2013
>> ;; MSG SIZE rcvd: 107
>>
>> When I dig for AAAA record to www2.zhlex.zh.ch I get one
>>
>> dig AAAA www2.zhlex.zh.ch
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> AAAA www2.zhlex.zh.ch
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>>
>>
>> Do you have the same timeout as well with that host and ipv6 running? This is a domain which is queried a lot.
>
> Yes. I traced it through three CNAME redirections to a pair of DNS servers which do not respond to any AAAA queries.
>
>
> # dig AAAA zhcompublicweb1.subd.djiktzh.ch @lc1.djiktzh.ch
>
> ; <<>> DiG 9.3.6-P1 <<>> AAAA zhcompublicweb1.subd.djiktzh.ch @lc1.djiktzh.ch
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> # dig AAAA zhcompublicweb1.subd.djiktzh.ch @lc2.djiktzh.ch
>
> ; <<>> DiG 9.3.6-P1 <<>> AAAA zhcompublicweb1.subd.djiktzh.ch @lc2.djiktzh.ch
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> Those DNS servers lc1.djiktzh.ch and lc2.djiktzh.ch are broken.
>
> Amos
Received on Tue Feb 12 2013 - 17:01:37 MST