Search squid archive

Re: Squid Sending AAAA DNS queries

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/07/2013 10:57 p.m., Golden Shadow wrote:
Hi Amos,

Thanks a lot for your detailed reply.

I have disabled IPv6 on my Centos 6.4 squid server by setting:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Which prevents IPv6 packets going out any of your NIC. That is all.
* your box is prevented from announcing its existence on the subnet (IPv6 equivalent of ARP is blocked) * your box is prevented testing for duplicate IPv6 assignments on the subnet (IPv6 equivalent of DHCP auto-assignment fails) * attempting to send other packets over IPv6 fails due to lack of the above.

Result: IPv6 does not work ... "its disabled!" ... or not.

Meanwhile to all intents and purposes (for inbound traffic) IPv6 functionality is active and responding. Including Squids probe, which consists of opening a socket and attempting several basic socket operations on it to probe the nature of the stack. Given that this CentOS you may even see Squid listening on :::3128 and sending/receiving IPv4 traffic there (IPv6 traffic will arrive, but the SYN-ACK packet will be dropped ... making the far end hang for *up to 75 seconds* before it can retry using IPv4).

==> IPv6 going slow? Always turns out to be administrative error has incorrectly configured a machine somewhere along the routing path to play games with IPv6 traffic like the above.

Life Lesson: There is no way to fully disable IPv6 in modern kernels any more than it is possibel to disable IPv4, and for the same reasons. Short of building that kernel and all software you intend to run on it specifically without IPv6 capabilities you are stuck with it.

The next closest thing for you however is to do those settings you have above *AND* to add ipv6.disable=1 as a boot parameter to the kernel command line which is in /boot/grub/grub.conf (assuming you use GRUB loader). Then reboot.


in my sysctl.conf, rebooted the server but still I see AAAA records are being sent out by squid!

Because DNS is using IPv4 to send them. IPv4 is still enabled on your network. Best turn that off too! (sorry could not resist, spent far too much time trolling through forums of people with stupid reasons for disabling IPv6 to find that kernel setting again).

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux