On 06/01/16 17:39, Amos Jeffries wrote: > On 6/01/2016 5:04 p.m., Jason Haar wrote: >> Hi there >> >> Weird - several times in the past couple of months I have found I cannot >> get to http://wiki.squid-cache.org/ - I get the error below from my >> squid-3.5.11 server which does not have a Global ipv6 address (it has a >> Local ipv6/fe80: on the Ethernet card - but nothing else). Google.com >> (which is fully ipv6 capable) works fine - so far only >> wiki.squid-cache.org has shown up this way to me (ie I don't see this >> error message. >> >> On the squid server, "dig a" shows valid ipv4 addresses and "dig aaaa" >> shows the ipv6 address - but why is squid even trying to connect over >> ipv6 If doesn't have an ipv6 address? >> >> Could this be a case of the "A" record failing to return fast enough, >> forcing squid to only try ipv6 - which then leads to the error message >> referring to the ipv6 address? > Squid waits for both A and AAAA before continuing after DNS lookup. The > only way to get only IPv6 results is for your DNS server to produce no A > results at all. Timeout _could_ do that, but the default is 30 sec so > unlikely. I think that must be the case, because when I saw the problem this morning, I immediately ssh'ed into the squid server and nslookup showed it was resolving the name to it's A record just fine (by then) - and telnet-ing to the IPv4 address was fine too. So it must have either timed out on the A lookups (but not the AAAA records), or the DNS server didn't return A records at all? I don't think there's a way to query squid to see what it's current DNS cache is? That would definitively answer that question > The Squid wiki is dual-stacked with IPv4 addresses. Sice you have > v4-only network the thing to do is find out why the IPv4 are not > working for your Squid. Well yeah - but I frankly don't see this on any other website (like google.com) - just wiki.squid-cache.org - so I think there's something going on between those DNS servers and my squid server sitting on a SPARK NZ network > This just means that IPv6 was the *last* thing tried. It is entirely > probable that IPv4 were tried first and also failed. Particularly if you > have dns_v4_first turned on. No - I don't have dns_v4_first defined at all - so that should be trying both ipv4 and ipv6 if both DNS records were available. > > NP: if you have dns_v4_first off (default) then the error message should > say some IPv4 failed. Since it gets tried last. Well that isn't happening - which is why I suspect I'm not getting any "A" records back at all (or very late). Sadly this isn't repeatable at will - right now the wiki is working fine -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
