The detection of an IPV6 available DST can be determined by DNS and external ACL helper. It will “slow” down the first couple bytes of the connection but can be much more reliable then the basic “dst” acl. The basic test would be something like: nslookup -type=aaaa www.squid-cache.org -timeout=10 |grep -v '#53'|grep Address:|wc -l if the wc -l gt 0 then try to use IPV6. I believe it’s pretty simple and the main issue is that if a service advertises unreachable IPV6 address. It can be either because of network misconfiguration or FW or misconfigured DNS. I have seen all of the above happen in production services in the last year. I can write a helper for this if required. Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx Zoom: Coming soon From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of ?Amos Jeffries? The dst ACL type accepts the special value of "ipv4". You can use that and the "!" operator to split traffic. However, please be aware dst is not very reliable until *after* the outgoing connection has been created, and we are still finding some access checks that do not use it correctly. YMMV. Amos
|
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
