Re: AW: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

2013-02-12 Thread Eliezer Croitoru 
Try to contact the dns servers maintainer using postmaster or any other 
relevant address.


You can consult about it in ISOC mailing list.

BIND has very nice logging options about lazy and problematic dns 
servers which can help you prevent these issues.


It's a very common problem in the dns world not related just to IPV6.

Eliezer

On 2/12/2013 12:36 PM, Sandrini Christian (xsnd) wrote:

That is what I guessed as well. But we can not control their DNS and the 
"solution" so far was not to check for  records. It is silly for one domain 
but it is a quite important one that is used a lot.

Not sure if there is any alternatives? I thought that squid 3.2 is doing 
parallel lookups to  and A records?


--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

AW: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

2013-02-12 Thread Sandrini Christian (xsnd) 
That is what I guessed as well. But we can not control their DNS and the 
"solution" so far was not to check for  records. It is silly for one domain 
but it is a quite important one that is used a lot.

Not sure if there is any alternatives? I thought that squid 3.2 is doing 
parallel lookups to  and A records?

-Ursprüngliche Nachricht-
Von: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Gesendet: Dienstag, 12. Februar 2013 10:54
An: squid-users@squid-cache.org
Betreff: Re: AW: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

On 12/02/2013 8:41 p.m., Sandrini Christian (xsnd) wrote:
> Hi
>
> I have now enabled ipv6
>
> 3: eth1:  mtu 1500 qdisc pfifo_fast state 
> UNKNOWN qlen 1000
>  link/ether 00:50:56:a6:07:27 brd ff:ff:ff:ff:ff:ff
>  inet 160.85.104.14/24 brd 160.85.104.255 scope global eth1
>  inet6 fe80::250:56ff:fea6:727/64 scope link
> valid_lft forever preferred_lft forever
>
> When I dig for  record to ipv6.idrobot.net I don't get a timeout
>
> dig  ipv6.idrobot.net
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>>  
> ipv6.idrobot.net ;; global options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34596 ;; flags: 
> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ipv6.idrobot.net.  IN  
>
> ;; AUTHORITY SECTION:
> net.900 IN  SOA a.gtld-servers.net. 
> nstld.verisign-grs.com. 1360654692 1800 900 604800 86400
>
> ;; Query time: 17 msec
> ;; SERVER: 160.85.192.100#53(160.85.192.100) ;; WHEN: Tue Feb 12 
> 08:38:40 2013 ;; MSG SIZE  rcvd: 107
>
> When I dig for  record to www2.zhlex.zh.ch I get one
>
> dig  www2.zhlex.zh.ch
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>>  
> www2.zhlex.zh.ch ;; global options: +cmd ;; connection timed out; no 
> servers could be reached
>
>
> Do you have the same timout as well with that host and ipv6 running? This is 
> a domain which is queried a lot.

Yes. I traced it through three CNAME redirections to a pair of DNS servers 
which do not respond to any  queries.


# dig  zhcompublicweb1.subd.djiktzh.ch @lc1.djiktzh.ch

; <<>> DiG 9.3.6-P1 <<>>  zhcompublicweb1.subd.djiktzh.ch 
@lc1.djiktzh.ch
;; global options:  printcmd
;; connection timed out; no servers could be reached


# dig  zhcompublicweb1.subd.djiktzh.ch @lc2.djiktzh.ch

; <<>> DiG 9.3.6-P1 <<>>  zhcompublicweb1.subd.djiktzh.ch 
@lc2.djiktzh.ch
;; global options:  printcmd
;; connection timed out; no servers could be reached


Those DNS servers lc1.djiktzh.ch and lc2.djiktzh.ch are broken.

Amos