On Tue, Apr 03, 2012 at 10:28:38AM +1200, Amos Jeffries wrote: > On 03.04.2012 02:21, Peter Olsson wrote: > > Hello! > > > > Squid 3.1.19. > > > > Our squid servers are dual stack IPv4/IPv6 since about a year, > > with this config "hack": > > > > tcp_outgoing_address x:x:x:x::x to_ipv6 > > tcp_outgoing_address x.x.x.x !to_ipv6 > > acl to_ipv6 dst ipv6 > > http_access allow to_ipv6 !all > > > > But now our users are tired of webs that announce IPv6 addresses > > but don't answer on port 80 on these addresses. So I enabled > > dns_v4_first in the config and did squid -k reconfigure. > > But it didn't help, we still get IPv6 timeouts towards > > misconfigured web sites. > > > > I'm guessing that dns_v4_first and the ipv6 config above are > > mutually exclusive? Should I change the tcp_outgoing_address > > line to just this: > > tcp_outgoing_address x:x:x:x::x > > tcp_outgoing_address x.x.x.x > > and remove these lines: > > acl to_ipv6 dst ipv6 > > http_access allow to_ipv6 !all > > > > Or will this remove all of our IPv6 connectivity through squid? > > > > You are the first person to report any issues. They are interrelated > but should not be exclusive. Does ordering the tcp_outgoing_address with > IPv4 address first help? > > Amos Changing order of tcp_outgoing_address doesn't help, our squid with "dns_v4_first on" still gives the Operation timed out error, and it is trying to connect to the IPv6 address of the web server. I also tried removing these four lines completely: tcp_outgoing_address x:x:x:x::x to_ipv6 tcp_outgoing_address x.x.x.x !to_ipv6 acl to_ipv6 dst ipv6 http_access allow to_ipv6 !all But that didn't help either, it still tries the IPv6 address even though I have dns_v4_first on. Is there some internal DNS timeout in squid that I should wait for before testing between changes? What debug setting should I use to see why squid is choosing the IPv6 address? Thanks! -- Peter Olsson pol@xxxxxxxxxxx
