On 2024-06-05 07:31, sachin gupta wrote:
We are shifting to IPv6 dual stack hosts. As per squid documentation
<https://wiki.squid-cache.org/Features/IPv6>, IPv6 is enabled by
default.
That statement is a bit misleading: IPv6 detection or probing is enabled
in default Squid builds (i.e. ./configure --enable-ipv6 is the default),
but whether a Squid instance will actually "enable IPv6" also depends on
the result of certain startup probes or checks. If those startup checks
fail, Squid will not send DNS AAAA queries.
As per documentation, based on DNS response squid will try both IP4 and
IPv6 if DNS return both addresses.
FWIW, this summary does not quite match modern Squid behavior. The
difference is _not_ important for your current triage because your Squid
currently does not even request an IPv6 address from DNS. Once you fix
that, you should _not_ expect Squid to use both IPv4 and IPv6 TCP/IP
connections in every test case: Squid may or may not use both address
families, depending on various runtime factors that affect Squid's Happy
Eyeballs algorithm (e.g., see happy_eyeballs_connect_timeout directive).
But I see that squid is only getting IPv4 address
To be more precise, your Squid does not send a DNS AAAA query after
sending a DNS A query (no idnsSendSlaveAAAAQuery line after idnsALookup
in your cache.log). That fact suggests that your Squid runs with
disabled IPv6. I suggest the following triage steps:
1. Examine "/path/to/your/executable/squid -v" output to make sure your
Squid executable is _not_ built with --disable-ipv6.
2. Examine level-1 cache.log for startup BCP 177 warnings like this one:
WARNING: BCP 177 violation. Detected non-functional IPv6 loopback
3. Examine _early_ level-2 startup ProbeTransport messages. For example:
$ your/squid -f your.squid.conf -N -X -d9 2>&1 | grep ProbeTransport
ProbeTransport: Detected IPv6 hybrid or v4-mapping stack...
ProbeTransport: Detected functional IPv6 loopback ...
ProbeTransport: IPv6 transport Enabled
Someday, somebody will (a) completely remove --disable-ipv6 and (b)
improve startup probing code to make steps 1 and 3 completely
unnecessary. We have recently done a couple of baby steps towards (a).
HTH,
Alex.
though with dis command I can see IPv6 address as well.
Also from same host, I am able to make curl command to google using IPv6.
DNS logs for squid
24/06/05 10:41:54.953 kid1| 5,4| AsyncCallQueue.cc(59) fireNext:
entering helperHandleRead(conn4 local=[::] remote=[::] FD 13 flags=1,
data=0x55c87a45bb38, size=5, buf=0x55c87a45bd60)
2024/06/05 10:41:54.953 kid1| 5,4| AsyncCall.cc(41) make: make call
helperHandleRead [call4]
2024/06/05 10:41:54.953 kid1| 78,3| dns_internal.cc(1792) idnsALookup:
idnsALookup: buf is 32 bytes for www.google.com <http://www.google.com>,
id = 0xe006
2024/06/05 10:41:54.953 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
AsyncCall helperHandleRead constructed, this=0x55c87a9301e0 [call89]
2024/06/05 10:41:54.953 kid1| 5,5| Read.cc(58) comm_read_base:
comm_read, queueing read for conn4 local=[::] remote=[::] FD 13 flags=1;
asynCall 0x55c87a9301e0*1
2024/06/05 10:41:54.954 kid1| 5,5| ModEpoll.cc(116) SetSelect: FD 13,
type=1, handler=1, client_data=0x7f183475a700, timeout=0
2024/06/05 10:41:54.954 kid1| 5,4| AsyncCallQueue.cc(61) fireNext:
leaving helperHandleRead(conn4 local=[::] remote=[::] FD 13 flags=1,
data=0x55c87a45bb38, size=5, buf=0x55c87a45bd60)
2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1318) idnsRead:
idnsRead: starting with FD 11
2024/06/05 10:41:54.955 kid1| 5,5| ModEpoll.cc(116) SetSelect: FD 11,
type=1, handler=1, client_data=0, timeout=0
2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1364) idnsRead:
idnsRead: FD 11: received 48 bytes from 10.0.32.2:53 <http://10.0.32.2:53>
2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1171) idnsGrokReply:
idnsGrokReply: QID 0xe006, 1 answers
2024/06/05 10:41:54.955 kid1| 5,5| Connection.cc(99) cloneProfile:
0x55c87a944210 made conn56 local=0.0.0.0 remote=142.251.215.228:80
<http://142.251.215.228:80> HIER_DIRECT flags=1
2024/06/05 10:41:54.955 kid1| 5,5| Connection.cc(99) cloneProfile:
0x55c87a944830 made conn57 local=0.0.0.0 remote=142.251.215.228:80
<http://142.251.215.228:80> HIER_DIRECT flags=1
2024/06/05 10:41:54.955 kid1| 5,3| ConnOpener.cc(43) ConnOpener: will
connect to conn57 local=0.0.0.0 remote=142.251.215.228:80
<http://142.251.215.228:80> HIER_DIRECT flags=1 with 15 timeout
2024/06/05 10:41:54.955 kid1| 5,5| comm.cc(428) comm_init_opened: conn58
local=0.0.0.0 remote=[::] FD 16 flags=1 is a new socket
2024/06/05 10:41:54.955 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
AsyncCall Comm::ConnOpener::earlyAbort constructed, this=0x55c87a944cd0
[call95]
2024/06/05 10:41:54.955 kid1| 5,5| comm.cc(1004) comm_add_close_handler:
comm_add_close_handler: FD 16, AsyncCall=0x55c87a944cd0*1
2024/06/05 10:41:54.955 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
AsyncCall Comm::ConnOpener::timeout constructed, this=0x55c87a944d70
[call96]
Dig Output
dig www.google.com <http://www.google.com>AAAA
; <<>> DiG 9.16.23-RH <<>> www.google.com <http://www.google.com> AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27477
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com <http://www.google.com>.INAAAA
;; ANSWER SECTION:
www.google.com <http://www.google.com>.237INAAAA2607:f8b0:400a:804::2004
;; Query time: 0 msec
;; SERVER: 10.0.32.2#53(10.0.32.2)
Can you please help and let me know if I am missing anything.
Regards
Sachin
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
