AW: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

[Sandrini Christian (xsnd)]

That is what I guessed as well. But we can not control their DNS and the 
solution so far was not to check for  records. It is silly for one domain 
but it is a quite important one that is used a lot.

Not sure if there is any alternatives? I thought that squid 3.2 is doing 
parallel lookups to  and A records?

-Ursprüngliche Nachricht-
Von: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Gesendet: Dienstag, 12. Februar 2013 10:54
An: squid-users@squid-cache.org
Betreff: Re: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

On 12/02/2013 8:41 p.m., Sandrini Christian (xsnd) wrote:
 Hi

 I have now enabled ipv6

 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state 
 UNKNOWN qlen 1000
  link/ether 00:50:56:a6:07:27 brd ff:ff:ff:ff:ff:ff
  inet 160.85.104.14/24 brd 160.85.104.255 scope global eth1
  inet6 fe80::250:56ff:fea6:727/64 scope link
 valid_lft forever preferred_lft forever

 When I dig for  record to ipv6.idrobot.net I don't get a timeout

 dig  ipv6.idrobot.net

 ;  DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6   
 ipv6.idrobot.net ;; global options: +cmd ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 34596 ;; flags: 
 qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;ipv6.idrobot.net.  IN  

 ;; AUTHORITY SECTION:
 net.900 IN  SOA a.gtld-servers.net. 
 nstld.verisign-grs.com. 1360654692 1800 900 604800 86400

 ;; Query time: 17 msec
 ;; SERVER: 160.85.192.100#53(160.85.192.100) ;; WHEN: Tue Feb 12 
 08:38:40 2013 ;; MSG SIZE  rcvd: 107

 When I dig for  record to www2.zhlex.zh.ch I get one

 dig  www2.zhlex.zh.ch

 ;  DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6   
 www2.zhlex.zh.ch ;; global options: +cmd ;; connection timed out; no 
 servers could be reached


 Do you have the same timout as well with that host and ipv6 running? This is 
 a domain which is queried a lot.

Yes. I traced it through three CNAME redirections to a pair of DNS servers 
which do not respond to any  queries.


# dig  zhcompublicweb1.subd.djiktzh.ch @lc1.djiktzh.ch

;  DiG 9.3.6-P1   zhcompublicweb1.subd.djiktzh.ch 
@lc1.djiktzh.ch
;; global options:  printcmd
;; connection timed out; no servers could be reached


# dig  zhcompublicweb1.subd.djiktzh.ch @lc2.djiktzh.ch

;  DiG 9.3.6-P1   zhcompublicweb1.subd.djiktzh.ch 
@lc2.djiktzh.ch
;; global options:  printcmd
;; connection timed out; no servers could be reached


Those DNS servers lc1.djiktzh.ch and lc2.djiktzh.ch are broken.

Amos

Re: AW: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

[Eliezer Croitoru]

Try to contact the dns servers maintainer using postmaster or any other 
relevant address.


You can consult about it in ISOC mailing list.

BIND has very nice logging options about lazy and problematic dns 
servers which can help you prevent these issues.


It's a very common problem in the dns world not related just to IPV6.

Eliezer

On 2/12/2013 12:36 PM, Sandrini Christian (xsnd) wrote:

That is what I guessed as well. But we can not control their DNS and the 
solution so far was not to check for  records. It is silly for one domain 
but it is a quite important one that is used a lot.

Not sure if there is any alternatives? I thought that squid 3.2 is doing 
parallel lookups to  and A records?


--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer at ngtech.co.il