
Squid 3.1 introduced the dns_v4_first option to query and use DNS A records first instead of AAAA records. This helped a lot in situations where IPv6 was a “second-class citizen” compared to native IPv4 — that is: 6to4, 6in4 or otherwise tunneled.

Squid 5.0.4 marked dns_v4_first as obsolete, according to the changelog, but in fact removed the option altogether, showing it as “ERROR” and having no effect. The documentation does not give any clue what other options supersede this one, nor does it provide any workaround.

I wonder if there is a new way to achieve the same functionality, perhaps using some new or good old directives, or by a combination of DNS (BIND) and Squid settings? Stopping using IPv6 altogether is of course an option, too, but not quite desired, much like reverting to an older Squid version.

Anton Samsonov

1 Answer


Reading the Squid 5 release notes reveals the new dual stack behavior to be a Happy Eyeballs implementation.

Happy Eyeballs Update

Squid now uses a received IP address as soon as it is needed for request forwarding instead of waiting for all of the potential forwarding destinations to be fully resolved (i.e. complete both IPv4 and IPv6 domain name resolution) before beginning to forward the request.

Instead of obeying dns_v4_first settings, IP family usage order is now primarily controlled by DNS response time: If a DNS AAAA response comes first while Squid is waiting for an IP address, then Squid will use the received IPv6 address(es) first. For previously cached IPs, Squid tries IPv6 addresses first. To control IP address families used by Squid, admins are expected to use firewalls or DNS recursive-resolver configuration. When planning your configuration changes, please keep in mind that the upcoming Happy Eyeballs improvements will favor faster TCP connection establishment, decreasing the impact of DNS resolution timing.

On some dual stack networks, racing the address families is a good enough workaround.

Having IPv6 routable but poorly performing will not be a good experience.

  • Improve IPv6 connectivity
  • Add A-only DNS names for peer cache servers
  • Configure a recursive resolver to strip out AAAA records if the experience is still bad
John Mahowald
  • I know about Happy Eyeballs, since it has been out there for many years already, same as `dns_v4_first`. Unless I'm getting it wrong, it is a totally different feature, which makes IPv6 and IPv4 equal — in contrast to default preference for IPv6; but what I need is exactly the opposite — default preference for IPv4. That is, IPv6 somewhat works for me, it does establish connections and provide traffic flow, but fails on heavy traffic: e.g. *ipv6-test.com* scores 20 out of 20 or so, but watching a Full HD video on YouTube is a no-go. – Anton Samsonov Sep 19 '22 at 12:42
  • I quoted the release note saying dns_v4_first is no longer respected, in the Happy Eyeballs section. Presumably, Squid is no longer interested in providing this override to dual stack behavior. If you were to configure your resolver to remove problem AAAA records, that forces the remaining A records to be used. Not a Squid solution, no, but it is consistent with how other applications behave. – John Mahowald Sep 22 '22 at 17:23
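
The resolver-side approach suggested in the answer and its last comment, sketched for BIND since the question mentions it. This is an added example, not configuration from either poster or from the Squid project. It assumes BIND 9.14 or later with the `filter-aaaa` plugin, a resolver running on the Squid host itself, a hypothetical ACL name `squid_hosts`, and a plugin path that is a placeholder (it differs between distributions).

```conf
# ---------- named.conf (local recursive resolver used only by Squid) ----------

# Hypothetical ACL: the only clients whose answers are filtered and
# the only clients allowed to use this resolver at all.
acl squid_hosts { 127.0.0.1; ::1; };

options {
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };
    recursion yes;
    # Keep the recursive resolver closed to everyone but Squid.
    allow-query     { squid_hosts; };
    allow-recursion { squid_hosts; };
};

# Placeholder path: locate filter-aaaa.so in your BIND package.
plugin query "/path/to/filter-aaaa.so" {
    # Omit AAAA records from responses when the name also has an A record,
    # for queries arriving over IPv4 and over IPv6 respectively.
    # With "yes", DNSSEC-signed answers requested with the DO bit are left
    # untouched; "break-dnssec" would filter those as well.
    filter-aaaa-on-v4 yes;
    filter-aaaa-on-v6 yes;
    # Apply the filter only to these clients.
    filter-aaaa { squid_hosts; };
};

# ---------- squid.conf ----------

# Remove the obsolete dns_v4_first line, then point Squid's internal
# resolver at the filtering instance instead of /etc/resolv.conf.
dns_nameservers 127.0.0.1
```

Because the plugin drops AAAA only when an A record exists, IPv6-only destinations still resolve and remain reachable through Squid, which gives IPv4 preference rather than disabling IPv6. Restricting `filter-aaaa` and `allow-recursion` to the Squid host keeps other clients' dual-stack resolution unchanged and avoids exposing an open resolver.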