Hi Amos,
Thanks a lot for your detailed reply.
I have disabled IPv6 on my Centos 6.4 squid server by setting:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
in my sysctl.conf, rebooted the server but still I see AAAA records are being sent out by squid!
Regards,
Firas
----- Original Message -----
From: Amos Jeffries <squid3_at_treenet.co.nz>
To: squid-users_at_squid-cache.org
Cc:
Sent: Saturday, July 27, 2013 8:50 AM
Subject: Re: [squid-users] Squid Sending AAAA DNS queries
On 27/07/2013 2:40 a.m., Golden Shadow wrote:
> Hello squid-users,
>
> My squid is sending AAAA DNS queries, while IPv6 is not enabled on my network. How can I prevent squid from sending AAAA DNS queries? I only found dns_v4_first squid directive, which does not completely disable AAAA queries.
The current supported release of Squid will not send DNS AAAA queries if
IPv6 is not available. Seeing that behaviour means your Squid is
detecting that IPv6 *is* available and partially operating, at least on
the machine running Squid.
There is no harm in querying AAAA records - the current Squid do
parallel (Happy-Eyeballs) DNS lookups with that dns_v4_first flag to
ensure that on networks such as yours IPv4 has priority over IPv6
(avoiding the connection delays and any other issues your lack of IPv6
network support causes). If your DNS lacks capacity for Squid's
lightweight lookup style now you are already screwed, DNSSEC for example
has multiple layers of lookups with huge packets involved.
PS. That DNS traffic also helps provide both you and the destination
site owners a reliable indicator for how much IPv6 demand needs to be
expected and catered for if either of you turn it on right now. For
example the A vs AAAA result counters in cachemgr "idns" report to see
what % of your HTTP capacity load an IPv6 tunnel would need to cater for
if you setup one from the Squid machine.
Amos
Received on Sat Jul 27 2013 - 10:57:33 MDT
This archive was generated by hypermail 2.2.0 : Sat Jul 27 2013 - 12:00:19 MDT