Christian, This sounds very similar to what I have seen with a few sites. My solution was to add the problematic domains to /etc/hosts (only ipv4 address) and restart squid. I'm not proud or happy about this solution but it does the trick for me.
Kind regards, /petter On Tue, Feb 12, 2013 at 5:36 AM, Sandrini Christian (xsnd) <[email protected]> wrote: > That is what I guessed as well. But we can not control their DNS and the > "solution" so far was not to check for AAAA records. It is silly for one > domain but it is a quite important one that is used a lot. > > Not sure if there is any alternatives? I thought that squid 3.2 is doing > parallel lookups to AAAA and A records? > > -----Ursprüngliche Nachricht----- > Von: Amos Jeffries [mailto:[email protected]] > Gesendet: Dienstag, 12. Februar 2013 10:54 > An: [email protected] > Betreff: Re: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored? > > On 12/02/2013 8:41 p.m., Sandrini Christian (xsnd) wrote: >> Hi >> >> I have now enabled ipv6 >> >> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state >> UNKNOWN qlen 1000 >> link/ether 00:50:56:a6:07:27 brd ff:ff:ff:ff:ff:ff >> inet 160.85.104.14/24 brd 160.85.104.255 scope global eth1 >> inet6 fe80::250:56ff:fea6:727/64 scope link >> valid_lft forever preferred_lft forever >> >> When I dig for AAAA record to ipv6.idrobot.net I don't get a timeout >> >> dig AAAA ipv6.idrobot.net >> >> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> AAAA >> ipv6.idrobot.net ;; global options: +cmd ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34596 ;; flags: >> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >> >> ;; QUESTION SECTION: >> ;ipv6.idrobot.net. IN AAAA >> >> ;; AUTHORITY SECTION: >> net. 900 IN SOA a.gtld-servers.net. >> nstld.verisign-grs.com. 1360654692 1800 900 604800 86400 >> >> ;; Query time: 17 msec >> ;; SERVER: 160.85.192.100#53(160.85.192.100) ;; WHEN: Tue Feb 12 >> 08:38:40 2013 ;; MSG SIZE rcvd: 107 >> >> When I dig for AAAA record to www2.zhlex.zh.ch I get one >> >> dig AAAA www2.zhlex.zh.ch >> >> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> AAAA >> www2.zhlex.zh.ch ;; global options: +cmd ;; connection timed out; no >> servers could be reached >> >> >> Do you have the same timout as well with that host and ipv6 running? This is >> a domain which is queried a lot. > > Yes. I traced it through three CNAME redirections to a pair of DNS servers > which do not respond to any AAAA queries. > > > # dig AAAA zhcompublicweb1.subd.djiktzh.ch @lc1.djiktzh.ch > > ; <<>> DiG 9.3.6-P1 <<>> AAAA zhcompublicweb1.subd.djiktzh.ch > @lc1.djiktzh.ch > ;; global options: printcmd > ;; connection timed out; no servers could be reached > > > # dig AAAA zhcompublicweb1.subd.djiktzh.ch @lc2.djiktzh.ch > > ; <<>> DiG 9.3.6-P1 <<>> AAAA zhcompublicweb1.subd.djiktzh.ch > @lc2.djiktzh.ch > ;; global options: printcmd > ;; connection timed out; no servers could be reached > > > Those DNS servers lc1.djiktzh.ch and lc2.djiktzh.ch are broken. > > Amos
