Hi I am using squid-3.2.6. Our network interfaces have IPV6INIT=no. We do not use ipv6. In squid.conf we have set dns_v4_first to on but it still lookups for the AAAA record on certain pages which ends in a timeout after about 2 minutes before it searches for the A record. This config works if I completely remove ipv6 kernel module but I'd rather not do that. Have I configured something wrong? We have the following config # ------------------------------------------------------------------------------- # - Global Configuration # ------------------------------------------------------------------------------ # Look for ipv4 first dns_v4_first on acl to_ipv6 dst ipv6 tcp_outgoing_address 160.85.104.14 !to_ipv6 # Port to listen http_port 160.85.104.14:8080 # Coredump directory coredump_dir /var/spool/squid # Cache settings cache_effective_user squid cache_effective_group squid cache_mem 3072 MB cache_dir aufs /var/cache/squid 25000 64 256 maximum_object_size_in_memory 50 KB # Mail of which will be notified when squid dies cache_mgr servicedesk@xxxxxxx # Do not allow underscores in hostnames allow_underscore off # DNS Settings dns_retransmit_interval 3 seconds dns_nameservers 160.85.192.100 append_domain .zhaw.ch # Other settings hierarchy_stoplist cgi-bin ? ftp_user wwwuser@xxxxxxx request_timeout 30 seconds httpd_suppress_version_string on visible_hostname srv-app-904.zhaw.ch unique_hostname srv-app-904.zhaw.ch # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # - Define ports # ------------------------------------------------------------------------------ acl SSL_ports port 443 8443 28443 50001 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # - Define networks # ------------------------------------------------------------------------------ acl bigip src 160.85.104.21/32 # F5 forward-proxy acl monhost src 160.85.192.190/32 # mon.zhaw.ch acl snmppublic snmp_community Fast3thernet acl ZHAWnet src 160.85.0.0/16 # ZHAW acl ZHAWnet src 195.176.253.59/32 # HSWNAT acl ZHAWnet src 10.196.0.0/16 # VoIP acl ZHAWnet src 10.194.4.0/22 # HAP acl ZHAWnet src 10.194.36.0/22 # HSSAZ acl ZHAWnet src 172.28.8.0/24 # Management Netz 1 acl ZHAWnet src 172.28.9.0/24 # Management Netz 2 acl ZHAWnet src 172.28.10.0/24 # FET-DEV acl ZHAWnet src 172.28.11.0/24 # FET-TEST acl ZHAWnet src 172.28.12.0/24 # BET-DEV acl ZHAWnet src 172.28.13.0/24 # BET-TEST acl ZHAWnet src 172.28.14.0/24 # FET-VDP acl ZHAWnet src 172.28.15.0/24 # FET-VDP acl STAFFMGR src 160.85.85.0/26 acl srv-ts-057 src 160.85.186.73/32 acl srv-ts-058 src 160.85.186.74/32 acl MONZHAWCH dstdomain mon.zhaw.ch acl ZREG dstdomain zreg.zhaw.ch acl EXCLUDE dstdomain domzhwin01.zhaw.ch acl EXCLUDE dstdomain domzhwin02.zhaw.ch acl EXCLUDE dstdomain domzhwin03.zhaw.ch acl EXCLUDE dstdomain dc01.zhaw.ch acl EXCLUDE dstdomain dc02.zhaw.ch acl EXCLUDE dstdomain dc03.zhaw.ch acl EXCLUDE dstdomain dc04.zhaw.ch acl EXCLUDE dstdomain dc10.zhaw.ch acl EXCLUDE dstdomain dc11.zhaw.ch acl EXCLUDE dstdomain turtle.zhaw.ch acl EXCLUDE dstdomain zebra.zhaw.ch acl EXCLUDE dstdomain dolphin.zhaw.ch acl EXCLUDE dstdomain orca.zhaw.ch acl EXCLUDE dstdomain kangaroo.zhaw.ch acl EXCLUDE dstdomain lobster.zhaw.ch acl EXCLUDE dstdomain calamari.zhaw.ch acl EXCLUDE dstdomain warthog.zhaw.ch acl EXCLUDE dstdomain billabong.zhaw.ch acl EXCLUDE dstdomain zeus.zhaw.ch acl EXCLUDE dstdomain rhino1.zhaw.ch acl EXCLUDE dstdomain rhino2.zhaw.ch acl EXCLUDE dstdomain zhaw.zhaw.ch acl EXCLUDE dstdomain barracuda.zhaw.ch acl EXCLUDE dstdomain caesar.zhaw.ch acl EXCLUDE dstdomain octopus.zhaw.ch acl EXCLUDE dstdomain pandora.zhaw.ch acl EXCLUDE dstdomain gonzo.zhaw.ch acl PURGE method PURGE acl PUT method PUT acl PROPFIND method PROPFIND # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # - Access rules # ------------------------------------------------------------------------------ # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # deny rules http_access deny !STAFFMGR MONZHAWCH http_access deny !STAFFMGR ZREG http_access deny EXCLUDE # http rules http_access allow localhost http_access allow ZHAWnet http_access allow PUT ZHAWnet http_access allow PURGE localhost http_access allow PROPFIND srv-ts-057 http_access allow PROPFIND srv-ts-058 # And finally deny all other access to this proxy (MUST be at the end) http_access deny all icp_access deny all # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # - Other rules # ------------------------------------------------------------------------------ # X-Forwarded-For header can be trusted in requests from localhost and F5 # appliance. follow_x_forwarded_for allow localhost follow_x_forwarded_for allow bigip acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] acl apache rep_header Server ^Apache # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # - Refresh Patterns # ------------------------------------------------------------------------------ # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # ------------------------------------------------------------------------------
