Search squid archive

Re: AW: AW: AW: Re: dns_v4_first on ignored?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 2/12/2013 2:09 AM, Amos Jeffries wrote:

No. A bug report will not make any difference here. dns_v4_first is
about the sorting the results found, not the lookup order. AAAA is
faster than A in most networks, so we perform that lookup first in 3.1.
This was altered in 3.2 to perform happy-eyeballs parallel lookups
anyway so most bugs in the lookup code of 3.1 will be closed as irrelevant.

Note that the current supported release is now 3.3.1.

Thanks,

The logic seems odd to me and now I understood the reason to what happens.
> This is VERY likely to be the problem. Squid tests for IPv6 ability automatically by opening a socket on a private IP address, if that works the socket options are noted and used. There is no way for Squid to identify in advance of opening upstream connections whether the NIC the kernel chooses to use will be v6-enabled or not. > Notice that the method used to disable IPv6 was to simply not assign IPv6 address to the NIC, nothing at the sockets layer was actually disabled. So every NIC needs to be checked and disabled individually as well, and any sub-system loading IPv6 functionality into the kernel also needs disabling as well. 

>(Warning: soapbox)
> The big question is, why disable in the first place? v6 is faster and more efficient than v4 when you get it going properly. And one he*l of a lot easier to administrate. If any of your upstreams supply native connections it is well worth taking the option up. If not there is always 6to4 or other tunnel types that can be built right to the proxy box to get IPv6 at only a small initial latency on the SYN packet (ping 192.88.99.1 to see what 6to4 adds for you). Note that these are IPv6 connectivity initiated from the proxy to the Internet *only*, so firewall alterations are minimal to get Squid v6-enabled. 

Amos
The main problem with IPV6 is that most of the ISPs around the world dosn't support\provide it yet. While trying to use a 4to6 tunnel I have seen some weird stuff going on when a gateway is used. A proxy is another thing and speed is most likely the issue in the cases which 4to6 tunnel is not being used. 

Regards,
--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux