[squid-users] dns_v4_first on ignored?

From: Sandrini Christian (xsnd) <xsnd_at_zhaw.ch>
Date: Mon, 11 Feb 2013 10:26:31 +0000

Hi

I am using squid-3.2.6. Our network interfaces have IPV6INIT=no. We do not use ipv6. In squid.conf we have set dns_v4_first to on, but it still looks up the AAAA record on certain pages, which ends in a timeout after about 2 minutes before it searches for the A record.

This config works if I completely remove ipv6 kernel module but I'd rather not do that.

Have I configured something wrong?

We have the following config

# -------------------------------------------------------------------------------
# - Global Configuration
# ------------------------------------------------------------------------------

# Look for ipv4 first
# NOTE(review): dns_v4_first only reverses the order in which resolved
# addresses are tried when connecting. Squid still sends both A and AAAA
# queries, so this directive on its own does not suppress the AAAA lookup.
dns_v4_first on
# to_ipv6 uses the special "ipv6" keyword, which matches any IPv6 destination.
acl to_ipv6 dst ipv6
# Use this IPv4 source address for every destination that is not IPv6.
tcp_outgoing_address 160.85.104.14 !to_ipv6

# Port to listen
# The listener is bound to one IPv4 address, port 8080.
http_port 160.85.104.14:8080

# Coredump directory
coredump_dir /var/spool/squid

# Cache settings
# Squid runs as the unprivileged squid user and group.
cache_effective_user squid
cache_effective_group squid
cache_mem 3072 MB
# aufs store: 25000 MB, 64 first-level and 256 second-level directories.
cache_dir aufs /var/cache/squid 25000 64 256
maximum_object_size_in_memory 50 KB

# Mail of which will be notified when squid dies
# NOTE(review): "_at_" is presumably the list archive's address obfuscation,
# not the literal value in the running config.
cache_mgr servicedesk_at_zhaw.ch

# Do not allow underscores in hostnames
allow_underscore off

# DNS Settings
# An explicit dns_nameservers list is used instead of /etc/resolv.conf.
# NOTE(review): only one resolver is listed, so every lookup (including the
# slow AAAA query described in this post) depends on that single server.
dns_retransmit_interval 3 seconds
dns_nameservers 160.85.192.100
# Appended to requested hostnames that contain no dot.
append_domain .zhaw.ch

# Other settings
# URLs containing these strings are fetched directly, not through cache peers.
hierarchy_stoplist cgi-bin ?
ftp_user wwwuser_at_zhaw.ch
request_timeout 30 seconds
# Keeps the Squid version out of HTTP headers and generated error pages.
httpd_suppress_version_string on
visible_hostname srv-app-904.zhaw.ch
unique_hostname srv-app-904.zhaw.ch

# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------
# - Define ports
# ------------------------------------------------------------------------------
# SSL_ports is the set of destination ports to which CONNECT tunnels are
# allowed (enforced by "http_access deny CONNECT !SSL_ports").
# NOTE(review): 8443, 28443 and 50001 are additions to the usual 443. Traffic
# inside a CONNECT tunnel is opaque to the proxy, so confirm each extra port
# is still required.
acl SSL_ports port 443 8443 28443 50001
# Safe_ports is the set of destination ports allowed for any request
# (enforced by "http_access deny !Safe_ports").
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# The range below admits every unprivileged port, so the Safe_ports check
# effectively restricts only destination ports below 1025.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------
# - Define networks
# ------------------------------------------------------------------------------

# Source-address ACLs for individual hosts.
# bigip is used by the follow_x_forwarded_for rules. monhost is not
# referenced by any rule in the config shown.
acl bigip src 160.85.104.21/32 # F5 forward-proxy
acl monhost src 160.85.192.190/32 # mon.zhaw.ch
# NOTE(review): an SNMP community string is a shared secret. Now that it is
# included in a public mailing-list post it should be treated as disclosed
# and rotated. No snmp_port or snmp_access rule appears in the config shown,
# so this ACL looks unused here.
acl snmppublic snmp_community Fast3thernet

# Client networks allowed to use the proxy.
acl ZHAWnet src 160.85.0.0/16 # ZHAW
acl ZHAWnet src 195.176.253.59/32 # HSWNAT
acl ZHAWnet src 10.196.0.0/16 # VoIP
acl ZHAWnet src 10.194.4.0/22 # HAP
acl ZHAWnet src 10.194.36.0/22 # HSSAZ
acl ZHAWnet src 172.28.8.0/24 # Management Netz 1
acl ZHAWnet src 172.28.9.0/24 # Management Netz 2
acl ZHAWnet src 172.28.10.0/24 # FET-DEV
acl ZHAWnet src 172.28.11.0/24 # FET-TEST
acl ZHAWnet src 172.28.12.0/24 # BET-DEV
acl ZHAWnet src 172.28.13.0/24 # BET-TEST
acl ZHAWnet src 172.28.14.0/24 # FET-VDP
acl ZHAWnet src 172.28.15.0/24 # FET-VDP
# STAFFMGR, srv-ts-057 and srv-ts-058 all fall inside 160.85.0.0/16, so these
# sources are also members of ZHAWnet.
acl STAFFMGR src 160.85.85.0/26
acl srv-ts-057 src 160.85.186.73/32
acl srv-ts-058 src 160.85.186.74/32

# Destination-domain ACLs. Without a leading dot, each entry matches only
# that exact hostname, not its subdomains.
acl MONZHAWCH dstdomain mon.zhaw.ch
acl ZREG dstdomain zreg.zhaw.ch
acl EXCLUDE dstdomain domzhwin01.zhaw.ch
acl EXCLUDE dstdomain domzhwin02.zhaw.ch
acl EXCLUDE dstdomain domzhwin03.zhaw.ch
acl EXCLUDE dstdomain dc01.zhaw.ch
acl EXCLUDE dstdomain dc02.zhaw.ch
acl EXCLUDE dstdomain dc03.zhaw.ch
acl EXCLUDE dstdomain dc04.zhaw.ch
acl EXCLUDE dstdomain dc10.zhaw.ch
acl EXCLUDE dstdomain dc11.zhaw.ch
acl EXCLUDE dstdomain turtle.zhaw.ch
acl EXCLUDE dstdomain zebra.zhaw.ch
acl EXCLUDE dstdomain dolphin.zhaw.ch
acl EXCLUDE dstdomain orca.zhaw.ch
acl EXCLUDE dstdomain kangaroo.zhaw.ch
acl EXCLUDE dstdomain lobster.zhaw.ch
acl EXCLUDE dstdomain calamari.zhaw.ch
acl EXCLUDE dstdomain warthog.zhaw.ch
acl EXCLUDE dstdomain billabong.zhaw.ch
acl EXCLUDE dstdomain zeus.zhaw.ch
acl EXCLUDE dstdomain rhino1.zhaw.ch
acl EXCLUDE dstdomain rhino2.zhaw.ch
acl EXCLUDE dstdomain zhaw.zhaw.ch
acl EXCLUDE dstdomain barracuda.zhaw.ch
acl EXCLUDE dstdomain caesar.zhaw.ch
acl EXCLUDE dstdomain octopus.zhaw.ch
acl EXCLUDE dstdomain pandora.zhaw.ch
acl EXCLUDE dstdomain gonzo.zhaw.ch

# Method ACLs.
# NOTE(review): Squid leaves PURGE handling disabled until an ACL of method
# PURGE is defined, so the line below also switches cache purging on. The
# http_access rules then decide who may use it.
acl PURGE method PURGE
acl PUT method PUT
acl PROPFIND method PROPFIND

# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------
# - Access rules
# ------------------------------------------------------------------------------

# http_access rules are evaluated top to bottom and the first matching rule
# decides, so the order of the lines below is significant.

# Only allow cachemgr access from localhost
# "localhost" and "manager" are not defined in the config shown. Squid 3.2
# provides them as predefined ACLs.
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# deny rules
# mon.zhaw.ch and zreg.zhaw.ch are reachable only from STAFFMGR sources.
# The EXCLUDE hosts are denied to every client.
http_access deny !STAFFMGR MONZHAWCH
http_access deny !STAFFMGR ZREG
http_access deny EXCLUDE

# http rules
# NOTE(review): "allow localhost" and "allow ZHAWnet" carry no method
# condition, so they already admit PUT, PURGE and PROPFIND from those sources.
# The four method-specific allows after them can never be the deciding rule
# (srv-ts-057/058 are inside ZHAWnet). In particular any ZHAWnet client may
# PURGE cached objects. If PURGE is meant to be localhost-only, a
# "http_access deny PURGE !localhost" line has to come before "allow ZHAWnet".
http_access allow localhost
http_access allow ZHAWnet
http_access allow PUT ZHAWnet
http_access allow PURGE localhost
http_access allow PROPFIND srv-ts-057
http_access allow PROPFIND srv-ts-058

# And finally deny all other access to this proxy (MUST be at the end)
http_access deny all
icp_access deny all

# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------
# - Other rules
# ------------------------------------------------------------------------------

# X-Forwarded-For header can be trusted in requests from localhost and F5
# appliance.
# With the three *_uses_indirect_client options on, src ACLs (ZHAWnet,
# STAFFMGR, ...), delay pools and access logs use the address taken from
# X-Forwarded-For instead of the connecting address for these trusted sources.
# NOTE(review): access decisions for traffic arriving through the F5 therefore
# depend on the header it sends. Confirm that the F5 always appends or
# overwrites X-Forwarded-For and never relays a client-supplied value unchanged.
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow bigip
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on

# Reply-header ACLs. Neither is referenced by any rule in the config shown.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache

# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------
# - Refresh Patterns
# ------------------------------------------------------------------------------

# Add any of your own refresh_pattern entries above these.
# Fields: regex, minimum age (minutes), percent of object age, maximum age
# (minutes). The first pattern that matches the URL is used.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin paths or URLs with a query string) is never treated
# as fresh unless the reply carries explicit expiry information.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Catch-all for every other URL.
refresh_pattern . 0 20% 4320

# ------------------------------------------------------------------------------
Received on Mon Feb 11 2013 - 10:27:38 MST
