Hi Squid developers,

Using Squid 3.1.9 with the internal resolver and IPv6 support enabled I stumbled across a problem:

Squid sends AAAA DNS queries probably while checking the ACLs. There are broken DNS servers that do not reply to AAAA queries. If this happens, then Squid hangs for quite some time while waiting for a reply without asking for an A record.

In our setup, there is a local DNS server that sends SERVFAIL after 30s without a reply. In this case Squid hangs for 90s. Without the SERVFAIL, Squid hangs for 3*dns_retransmit_interval + dns_timeout (45s with default values). Using a parent proxy does not change this behaviour.

After waiting for a reply, Squid sends an A query that is answered immediately and then everything works fine until the AAAA queries are sent again after negative_dns_ttl.

There is a bug report in Debian that is probably related:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604566

Do you see a way and a need to improve this behaviour for sites with broken DNS servers? Fixing the remote DNS servers, disabling IPv6 support or reducing the DNS timeouts help, but might not be feasible solutions in every case.

There was a discussion about parallel AAAA/A queries last year. Are there any plans to implement this (especially for ACLs)?
Thread:
http://www.mail-archive.com/[email protected]/msg12801.html

A test URL is e.g. https://ibol18.ibb.ubs.com. The same problem persists in 3.2.0.5. DNS or HTTP traces can be provided if requested.

Best regards,

Fabian Hugelshofer

PS: Please include my email address in replies as I am not a member of the list.
