Hmm.. I guess we can delay the A lookup until connection timeout, which
would both improve performance and compliance.

On Wed, 2007-10-10 at 00:10 -0600, Adrian Chadd wrote:
> Interesting! I'd suggest leaving it on by default though and logging statistics
> showing the number of requests which had an ipv6 reply but couldn't be connected
> to, but could be connected to via ipv4.
> 
> You want IPv6 support to be as transparent and functional as possible out of
> the box so people don't just disable IPv6 at the first sign of instability.
> 
> 
> 
> Adrian
> 
> On Wed, Oct 10, 2007, Amos Jeffries wrote:
> > Update of cvs.devel.squid-cache.org:/cvsroot/squid/squid3/src
> > 
> > Modified Files:
> >       Tag: squid3-ipv6
> >     cf.data.pre dns_internal.cc structs.h 
> > Log Message:
> > Following DNS best-practice will cause squid to deny some possible requests
> > 
> > Can be caused by two things:
> >  1) The tunnel / IPv6 access is down.
> >  2) The remote server is broken. Advertising web service on a domain
> >     that resolves to addresses which can't accept it.
> > 
> > This adds a slightly nasty option "dns_v4_fallback" ("on" or "off") which
> > will force squid to break the standards and do both A and AAAA requests.
> > 
> > pro: it seamlessly recovers from some IPv6 breakages in the local network.
> >      or at least hides the error from clients and converts to IPv4.
> > 
> > cons:
> >  doubles the DNS queries per request that squid does.
> >  will start using all IPv4 and IPv6 addresses as equal in its IP balancing.
> >  (standards behaviour is to prefer IPv6 when given, ignoring IPv4).
> > 
> > Default for this is OFF by design and should stay that way.
> > I leave it to individual admin to turn on if they judge their network
> > fundamentally unfixable enough to warrant it.
> > 
> > 
> > Index: structs.h
> > ===================================================================
> > RCS file: /cvsroot/squid/squid3/src/structs.h,v
> > retrieving revision 1.66.2.32
> > retrieving revision 1.66.2.33
> > diff -C2 -d -r1.66.2.32 -r1.66.2.33
> > *** structs.h       6 Oct 2007 15:17:07 -0000       1.66.2.32
> > --- structs.h       10 Oct 2007 00:51:42 -0000      1.66.2.33
> > ***************
> > *** 547,550 ****
> > --- 547,551 ----
> >           int httpd_suppress_version_string;
> >           int global_internal_static;
> > +         int dns_require_A;
> >       }
> >   
> > 
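
Review bot: The new field `int dns_require_A;` has a different name from the directive that sets it (`dns_v4_fallback`, via the `LOC:` line in cf.data.pre), and neither name says what the flag does, which is to force an A lookup after every AAAA lookup. Consider using one name for both, and add a one-line comment on the field stating that behaviour.
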
> > Index: dns_internal.cc
> > ===================================================================
> > RCS file: /cvsroot/squid/squid3/src/dns_internal.cc,v
> > retrieving revision 1.15.6.29
> > retrieving revision 1.15.6.30
> > diff -C2 -d -r1.15.6.29 -r1.15.6.30
> > *** dns_internal.cc 7 Aug 2007 08:44:47 -0000       1.15.6.29
> > --- dns_internal.cc 10 Oct 2007 00:51:41 -0000      1.15.6.30
> > ***************
> > *** 1001,1011 ****
> >   
> >   #if USE_IPV6
> > !     if(n <= 0 && q->need_A)
> >       {
> >           /* ERROR or NO AAAA exist. Failover to A records. */
> >           if(n == 0)
> >               debugs(78, 3, "idnsGrokReply: " << q->name << " has no AAAA 
> > records. Looking up A record instead.");
> > !         else
> >               debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query 
> > failed. Trying A now instead.");
> >   
> >           idnsDropMessage(message, q);
> > --- 1001,1013 ----
> >   
> >   #if USE_IPV6
> > !     if(q->need_A && (Config.onoff.dns_require_A == 1 || n <= 0 ) )
> >       {
> >           /* ERROR or NO AAAA exist. Failover to A records. */
> >           if(n == 0)
> >               debugs(78, 3, "idnsGrokReply: " << q->name << " has no AAAA 
> > records. Looking up A record instead.");
> > !         else if(q->need_A)
> >               debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query 
> > failed. Trying A now instead.");
> > +         else // admin requested this.
> > +             debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query 
> > done. Configured to retrieve A now also.");
> >   
> >           idnsDropMessage(message, q);
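
Review bot: In the new version the middle branch `else if(q->need_A)` is always true, because the enclosing `if` already requires `q->need_A`, so the added `else // admin requested this.` branch can never run and a successful AAAA lookup (n > 0 with dns_require_A on) is logged as "AAAA query failed". Testing `else if(n < 0)` there would route the n > 0 case to the new message. The visible context also goes on to call `idnsDropMessage(message, q)` for that case, so it is worth confirming that the AAAA answers are kept before the A query is sent; and `Config.onoff.dns_require_A == 1` could be a plain truth test.
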
> > ***************
> > *** 1448,1451 ****
> > --- 1450,1454 ----
> >       }
> >   
> > +     /* PTR does not do inbound A/AAAA */
> >       q->need_A = false;
> >   
> > 
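
Review bot: The added comment `/* PTR does not do inbound A/AAAA */` is hard to parse, since "inbound" has no obvious meaning for a DNS query. Wording such as "PTR lookups never need a follow-up A query" would say why `q->need_A` is cleared here.
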
> > Index: cf.data.pre
> > ===================================================================
> > RCS file: /cvsroot/squid/squid3/src/cf.data.pre,v
> > retrieving revision 1.68.2.40
> > retrieving revision 1.68.2.41
> > diff -C2 -d -r1.68.2.40 -r1.68.2.41
> > *** cf.data.pre     30 Sep 2007 16:13:29 -0000      1.68.2.40
> > --- cf.data.pre     10 Oct 2007 00:51:41 -0000      1.68.2.41
> > ***************
> > *** 5035,5038 ****
> > --- 5035,5058 ----
> >   DOC_END
> >   
> > + NAME: dns_v4_fallback
> > + TYPE: onoff
> > + DEFAULT: off
> > + LOC: Config.onoff.dns_require_A
> > + DOC_START
> > +   Standard practice with DNS is to lookup either A or AAAA records
> > +   and use the results if it succeeds. Only looking up the other if
> > +   the first attempt fails or otherwise produces no results.
> > +   By default squid internal DNS follows that policy.
> > + 
> > +   That policy however will cause squid to produce error pages for some
> > +   servers that advertise AAAA but are unreachable over IPv6.
> > + 
> > +   Turning this ON will force squid to always lookup both AAAA and A.
> > + 
> > +   WARNING: There are some possibly unwanted side-effects with this on:
> > +           *) Doubles the load placed by squid on the DNS network.
> > +           *) May negatively impact connection delay times.
> > + DOC_END
> > + 
> >   NAME: ipcache_size
> >   COMMENT: (number of entries)
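
Review bot: The DOC text for `dns_v4_fallback` omits a side effect that the log message lists: with the option on, IPv4 and IPv6 addresses are treated as equal in IP balancing instead of IPv6 being preferred. That belongs in the WARNING list with the other two items. The name also reads as "fall back to IPv4 on failure", which the text says is already the default policy, while the option means "always look up both"; and since the code that reads it sits inside `#if USE_IPV6`, the entry should say it has no effect in builds without IPv6.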

Attachment: signature.asc
Description: This is a digitally signed message part
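
The behaviour suggested at the top of this thread (AAAA first, with the A query sent only after the IPv6 connection attempts fail), together with the fallback counter proposed in the quoted reply, as an added C++ sketch that is not Squid code and not part of the original messages. Every type and function name in it is hypothetical, and the host names and addresses are constructed sample data.

```cpp
#include <functional>
#include <string>
#include <vector>
// All names below are hypothetical; none come from the Squid source.
enum class Family { V6, V4 };
struct Addr { Family family; std::string text; };
struct FallbackStats {
    unsigned dnsQueries = 0;  // lookups actually sent
    unsigned v6Connected = 0; // served over IPv6
    unsigned v4Rescued = 0;   // AAAA existed, IPv6 connect failed, IPv4 worked
    unsigned failed = 0;      // nothing reachable
};
using Resolver = std::function<std::vector<Addr>(const std::string &, Family)>;
using Connector = std::function<bool(const Addr &)>; // false: refused or timed out
static bool tryAll(const std::vector<Addr> &addrs, const Connector &connect) {
    for (const Addr &a : addrs) if (connect(a)) return true;
    return false;
}

// AAAA first; the A query is sent only once every IPv6 address has failed or none exists.
bool connectLazyFallback(const std::string &host, const Resolver &resolve,
                         const Connector &connect, FallbackStats &stats) {
    ++stats.dnsQueries;
    const std::vector<Addr> v6 = resolve(host, Family::V6);
    if (tryAll(v6, connect)) { ++stats.v6Connected; return true; }
    ++stats.dnsQueries; // deferred A lookup
    if (tryAll(resolve(host, Family::V4), connect)) {
        if (!v6.empty()) ++stats.v4Rescued; // the statistic proposed in the thread
        return true;
    }
    ++stats.failed;
    return false;
}

// Constructed sample data: documentation addresses and made-up host names.
FallbackStats runConstructedDemo(bool ipv6PathUp) {
    Resolver resolve = [](const std::string &host, Family f) {
        std::vector<Addr> out;
        if (f == Family::V6 && host != "v4only.example") out.push_back({f, "2001:db8::1"});
        if (f == Family::V4 && host != "v6only.example") out.push_back({f, "192.0.2.1"});
        return out;
    };
    Connector connect = [ipv6PathUp](const Addr &a) { return ipv6PathUp || a.family == Family::V4; };
    FallbackStats stats;
    for (const char *h : {"dual.example", "v4only.example", "v6only.example"})
        connectLazyFallback(h, resolve, connect, stats);
    return stats;
}
int main() { return runConstructedDemo(false).v4Rescued == 1 ? 0 : 1; }
```

With the IPv6 path up, the three constructed hosts cost four DNS queries; looking up both record types for every host would cost six.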
