Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Alex Rousskov]

On 5/3/22 09:04, Alex Rousskov wrote:

On 5/3/22 02:35, Francesco Chemolli wrote:
Could tcp_outgoing_address do the deed, forcing a certain source ip or 
ipv4-only interface for some or all requests?


No, not without Squid modifications[1]: Today, tcp_outgoing_address is 
consulted _after_ the address family is already decided for the current 
connection attempt (by the peer selection algorithms selecting a 
specific destination address). We can change that, of course, but 
probably not without some backward compatibility headaches.


[1] Unless, perhaps, one abuses tcp_outgoing_address to select an 
immediately failing source IP address (e.g., the one Squid cannot bind 
to?) as a way to force another attempt (hopefully using another address 
family). I do not know whether this hack would work, and suspect it 
would depend on which socket operation fails when using the special 
"force failure" source IP address.



More ideas along those lines can be found on the following thread:
http://lists.squid-cache.org/pipermail/squid-users/2019-October/021186.html

Alex.




On Mon, 2 May 2022 at 16:39, Alex Rousskov wrote:

    On 5/1/22 23:49, Ahmad Alzaeem wrote:

 > sometime the IPV4
 > instance receive DNS resolution of the destination as IPV6 and the
 > connection fails !!
 >
 > sometimes the IPV4 instance receive the DNS resolution of the
 > destination as IPV6 and the connection fail .
 >
 > Is there any option we can do based on the environment above ?


    Without Squid code modifications, your options are:

    * Use a custom DNS resolver (configuration) that never sends IPv4
    address records to an IPv6-only Squid. Use a custom DNS resolver
    (configuration) that never sends IPv6 address records to an IPv4-only
    Squid. Configure each Squid to use the right resolver (see
    dns_nameservers).

    * Disable IPv6 support in IPv4-only Squid at ./configure time. This
    does
    not help with the IPv6-only Squid and has other negative side
    effects. I
    do not recommend this option.


  > Like maybe we disable eyeballs or preserving it while add an 
option

  > like DNS A records or DNS  records .

    It would be possible to enhance Squid by adding a configuration 
option
    that disables (certain) A or  queries, but proper 
modifications are

    not trivial and nobody has done them yet:

https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F 


 




    Cheers,

    Alex.

    ___
    squid-users mailing list
    squid-users@lists.squid-cache.org
    
    http://lists.squid-cache.org/listinfo/squid-users
    

--
@mobile




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Alex Rousskov]

On 5/3/22 02:35, Francesco Chemolli wrote:
Could tcp_outgoing_address do the deed, forcing a certain source ip or 
ipv4-only interface for some or all requests?


No, not without Squid modifications[1]: Today, tcp_outgoing_address is 
consulted _after_ the address family is already decided for the current 
connection attempt (by the peer selection algorithms selecting a 
specific destination address). We can change that, of course, but 
probably not without some backward compatibility headaches.


[1] Unless, perhaps, one abuses tcp_outgoing_address to select an 
immediately failing source IP address (e.g., the one Squid cannot bind 
to?) as a way to force another attempt (hopefully using another address 
family). I do not know whether this hack would work, and suspect it 
would depend on which socket operation fails when using the special 
"force failure" source IP address.



HTH,

Alex.



On Mon, 2 May 2022 at 16:39, Alex Rousskov wrote:

On 5/1/22 23:49, Ahmad Alzaeem wrote:

 > sometime the IPV4
 > instance receive DNS resolution of the destination as IPV6 and the
 > connection fails !!
 >
 > sometimes the IPV4 instance receive the DNS resolution of the
 > destination as IPV6 and the connection fail .
 >
 > Is there any option we can do based on the environment above ?


Without Squid code modifications, your options are:

* Use a custom DNS resolver (configuration) that never sends IPv4
address records to an IPv6-only Squid. Use a custom DNS resolver
(configuration) that never sends IPv6 address records to an IPv4-only
Squid. Configure each Squid to use the right resolver (see
dns_nameservers).

* Disable IPv6 support in IPv4-only Squid at ./configure time. This
does
not help with the IPv6-only Squid and has other negative side
effects. I
do not recommend this option.


  > Like maybe we disable eyeballs or preserving it while add an option
  > like DNS A records or DNS  records .

It would be possible to enhance Squid by adding a configuration option
that disables (certain) A or  queries, but proper modifications are
not trivial and nobody has done them yet:

https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F




Cheers,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org

http://lists.squid-cache.org/listinfo/squid-users


--
@mobile


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Francesco Chemolli]

Could tcp_outgoing_address do the deed, forcing a certain source ip or
ipv4-only interface for some or all requests?

On Mon, 2 May 2022 at 16:39, Alex Rousskov 
wrote:

> On 5/1/22 23:49, Ahmad Alzaeem wrote:
>
> > sometime the IPV4
> > instance receive DNS resolution of the destination as IPV6 and the
> > connection fails !!
> >
> > sometimes the IPV4 instance receive the DNS resolution of the
> > destination as IPV6 and the connection fail .
> >
> > Is there any option we can do based on the environment above ?
>
>
> Without Squid code modifications, your options are:
>
> * Use a custom DNS resolver (configuration) that never sends IPv4
> address records to an IPv6-only Squid. Use a custom DNS resolver
> (configuration) that never sends IPv6 address records to an IPv4-only
> Squid. Configure each Squid to use the right resolver (see
> dns_nameservers).
>
> * Disable IPv6 support in IPv4-only Squid at ./configure time. This does
> not help with the IPv6-only Squid and has other negative side effects. I
> do not recommend this option.
>
>
>  > Like maybe we disable eyeballs or preserving it while add an option
>  > like DNS A records or DNS  records .
>
> It would be possible to enhance Squid by adding a configuration option
> that disables (certain) A or  queries, but proper modifications are
> not trivial and nobody has done them yet:
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
>
> Cheers,
>
> Alex.
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-- 
@mobile
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Ahmad Alzaeem]

Hello Alex ,
Thanks for the nice info .
I will consider what you said .


Thanks


From: Alex Rousskov 
Date: Monday, May 2, 2022 at 8:38 AM
To: Ahmad Alzaeem <0xf...@gmail.com>, Squid Users 

Subject: Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable 
IPV4 only or IPV6 only ?
On 5/1/22 23:49, Ahmad Alzaeem wrote:

> sometime the IPV4
> instance receive DNS resolution of the destination as IPV6 and the
> connection fails !!
>
> sometimes the IPV4 instance receive the DNS resolution of the
> destination as IPV6 and the connection fail .
>
> Is there any option we can do based on the environment above ?


Without Squid code modifications, your options are:

* Use a custom DNS resolver (configuration) that never sends IPv4
address records to an IPv6-only Squid. Use a custom DNS resolver
(configuration) that never sends IPv6 address records to an IPv4-only
Squid. Configure each Squid to use the right resolver (see dns_nameservers).

* Disable IPv6 support in IPv4-only Squid at ./configure time. This does
not help with the IPv6-only Squid and has other negative side effects. I
do not recommend this option.


 > Like maybe we disable eyeballs or preserving it while add an option
 > like DNS A records or DNS  records .

It would be possible to enhance Squid by adding a configuration option
that disables (certain) A or  queries, but proper modifications are
not trivial and nobody has done them yet:
https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F


Cheers,

Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Alex Rousskov]

On 5/1/22 23:49, Ahmad Alzaeem wrote:

sometime the IPV4 
instance receive DNS resolution of the destination as IPV6 and the 
connection fails !!


sometimes the IPV4 instance receive the DNS resolution of the 
destination as IPV6 and the connection fail .


Is there any option we can do based on the environment above ?



Without Squid code modifications, your options are:

* Use a custom DNS resolver (configuration) that never sends IPv4 
address records to an IPv6-only Squid. Use a custom DNS resolver 
(configuration) that never sends IPv6 address records to an IPv4-only 
Squid. Configure each Squid to use the right resolver (see dns_nameservers).


* Disable IPv6 support in IPv4-only Squid at ./configure time. This does 
not help with the IPv6-only Squid and has other negative side effects. I 
do not recommend this option.



> Like maybe we disable eyeballs or preserving it while add an option
> like DNS A records or DNS  records .

It would be possible to enhance Squid by adding a configuration option 
that disables (certain) A or  queries, but proper modifications are 
not trivial and nobody has done them yet: 
https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F



Cheers,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] squid5 Happy Eyeballs - Is it possible to enable IPV4 only or IPV6 only ?

[Ahmad Alzaeem]

Hello Team ,

Testing squid5.x .
Still have a question in a case of running multiple instances (IPV4/IPV6) on 
same machine .
Such as •  One instance that run as IPV4 only while other instance run as IPV6 
only .

I found that squid5.x is ignoring dns_v4_first .
And based on the algorithm and how it works , sometime  the IPV4 instance 
receive DNS resolution of the destination as IPV6 and the connection fails !!

sometimes the IPV4 instance receive the DNS resolution of the destination as 
IPV6 and the connection fail .

Is there any option we can do based on the environment above ?
Like maybe we disable eyeballs or preserving it while add an option like DNS A 
records or DNS  records .

Thanks




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users