CentOS/RHEL 6.4, Squid 3.1.10, IPv6 and TCP_MISS/503 errors

Since Squid 3.1.0, IPv6 support is “native” [1] and the following behavior occurs: The most active [IPv6 operation] will be DNS as IPv6 addresses are looked up for each website.

Unfortunately, until Squid 3.1.16, which introduced the configuration parameter dns_v4_first [2], you cannot change Squid's DNS query order, and IPv6 AAAA queries will always occur first. (Well, you could always recompile with --disable-ipv6, but I cannot afford to recompile anything in my environment.)

This is where it hurts: some name servers (NS) out there on the Internet are very badly configured and time out on any AAAA query instead of just answering NXDOMAIN or NOERROR with an empty AAAA entry.
It means that when Squid queries (directly or via a resolver) one of these buggy NS for an AAAA entry, the query times out (by default it retries for 15s, which is 3*dns_retransmit_interval) and the request fails with a TCP_MISS/503 code.
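To find which destinations are affected, the sketch below (an added example, not part of the original post or of Squid) scans access.log for TCP_MISS/503 entries whose elapsed time reached the 15s lookup window. It assumes Squid's native log layout; the sample lines, host names and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Page's figure: 3 * dns_retransmit_interval = 15 s before the lookup gives up.
DNS_TIMEOUT_MS = 15_000

# Constructed sample lines in Squid's native access.log layout (not real traffic).
# Only the elapsed, result-code, method and URL fields are read below.
SAMPLE_LOG = """\
1372690000.123    212 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/198.51.100.7 text/html
1372690020.456  15004 192.0.2.10 TCP_MISS/503 4012 GET http://slow-ns.example.net/index.html - NONE/- text/html
1372690041.789  15002 192.0.2.11 TCP_MISS/503 4012 GET http://slow-ns.example.net/logo.png - NONE/- text/html
1372690050.001     31 192.0.2.11 TCP_MISS/503 3980 GET http://refused.example.com/ - DIRECT/203.0.113.9 text/html
1372690075.250  15001 192.0.2.12 TCP_MISS/503 0 CONNECT secure.example.net:443 - NONE/- -
truncated line
"""


def request_host(method, url):
    """Return the destination host of a logged request, or None."""
    if method == "CONNECT":            # CONNECT logs "host:port", not a URL
        return url.rsplit(":", 1)[0].lower() or None
    return urlsplit(url).hostname      # urlsplit already lower-cases the host


def dns_timeout_suspects(log_text, min_elapsed_ms=DNS_TIMEOUT_MS):
    """Count TCP_MISS/503 entries per host that took at least the DNS timeout.

    A quick 503 (refused connection, unreachable origin) is ignored; only
    requests that stalled for the full lookup window are counted.
    """
    suspects = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[1].isdigit():
            continue                   # skip blank or malformed lines
        elapsed_ms, result, method, url = int(fields[1]), fields[3], fields[5], fields[6]
        if result != "TCP_MISS/503" or elapsed_ms < min_elapsed_ms:
            continue
        host = request_host(method, url)
        if host:
            suspects[host] += 1
    return suspects


if __name__ == "__main__":
    for host, hits in dns_timeout_suspects(SAMPLE_LOG).most_common():
        print(f"{hits:4d}  {host}")
```

The hosts it lists are candidates only: a slow origin can also produce a long-running 503, so confirm each one by querying its AAAA record and checking that the query times out.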

To summarize, EL 6.4 provides Squid 3.1.10, which is stuck between 3.1.0 (native IPv6) and 3.1.16 (which allows you to try IPv4 A queries first) and won’t work with broken NS that don’t handle AAAA queries correctly…

PS: I’m interested in any insights about this and/or why it doesn’t fall back to IPv4 after the three retries.

[1] – http://wiki.squid-cache.org/Features/IPv6#IPv6_in_Squid
[2] – http://www.squid-cache.org/Versions/v3/3.1/cfgman/dns_v4_first.html

1 comment so far.

  1. Serban Teodorescu

    To actually help out a bit…

    I got a RHEL6 binary package of a squid 3.3 going here:
    http://wiki.squid-cache.org/SquidFaq/BinaryPackages#KnowledgeBase.2BAC8-CentOS.Squid-3.3

    Cheers.
