--------------------- PatchSet 5905 Date: 2007/10/10 00:51:41 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Following DNS best-practice will cause squid to deny some possible requests Can be caused by two things: 1) The tunnel / IPv6 access is down. 2) The remote server is broken. Advertising web service on a domain that resolves to addresses which can't accept it. This adds a slightly nasty option "dns_v4_fallback" ("on" or "off") which will force squid to break the standards and do both A and AAAA requests. pro: it seamlessly recovers from some IPv6 breakages in the local network. or at least hides the error from clients and converts to IPv4. cons: doubles the DNS queries per request that squid does. will start using all IPv4 and IPv6 addresses as equal in its IP balancing. (standards behaviour is to prefer IPv6 when given, ignoring IPv4). Default for this is OFF by design and should stay that way. I leave it to individual admin to turn on if they judge their network fundamentally unfixable enough to warrant it. Members: src/cf.data.pre:1.68.2.40->1.68.2.41 src/dns_internal.cc:1.15.6.29->1.15.6.30 src/structs.h:1.66.2.32->1.66.2.33 Index: squid3/src/cf.data.pre =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/cf.data.pre,v retrieving revision 1.68.2.40 retrieving revision 1.68.2.41 diff -u -r1.68.2.40 -r1.68.2.41 --- squid3/src/cf.data.pre 30 Sep 2007 16:13:29 -0000 1.68.2.40 +++ squid3/src/cf.data.pre 10 Oct 2007 00:51:41 -0000 1.68.2.41 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.68.2.40 2007/09/30 16:13:29 serassio Exp $ +# $Id: cf.data.pre,v 1.68.2.41 2007/10/10 00:51:41 amosjeffries Exp $ # # SQUID Web Proxy Cache http://www.squid-cache.org/ # ---------------------------------------------------------- 
@@ -5034,6 +5034,26 @@ nameservers by setting this option to 'off'. DOC_END +NAME: dns_v4_fallback +TYPE: onoff +DEFAULT: off +LOC: Config.onoff.dns_require_A +DOC_START + Standard practice with DNS is to lookup either A or AAAA records + and use the results if it succeeds. Only looking up the other if + the first attempt fails or otherwise produces no results. + By default squid internal DNS follows that policy. + + That policy however will cause squid to produce error pages for some + servers that advertise AAAA but are unreachable over IPv6. + + Turning this ON will force squid to always lookup both AAAA and A. + + WARNING: There are some possibly unwanted side-effects with this on: + *) Doubles the load placed by squid on the DNS network. + *) May negatively impact connection delay times. +DOC_END + NAME: ipcache_size COMMENT: (number of entries) TYPE: int Index: squid3/src/dns_internal.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/dns_internal.cc,v retrieving revision 1.15.6.29 retrieving revision 1.15.6.30 diff -u -r1.15.6.29 -r1.15.6.30 --- squid3/src/dns_internal.cc 7 Aug 2007 08:44:47 -0000 1.15.6.29 +++ squid3/src/dns_internal.cc 10 Oct 2007 00:51:41 -0000 1.15.6.30 @@ -1,6 +1,6 @@ /* - * $Id: dns_internal.cc,v 1.15.6.29 2007/08/07 08:44:47 amosjeffries Exp $ + * $Id: dns_internal.cc,v 1.15.6.30 2007/10/10 00:51:41 amosjeffries Exp $ * * DEBUG: section 78 DNS lookups; interacts with lib/rfc1035.c * AUTHOR: Duane Wessels 
@@ -1000,13 +1000,15 @@ } #if USE_IPV6 - if(n <= 0 && q->need_A) + if(q->need_A && (Config.onoff.dns_require_A == 1 || n <= 0 ) ) { /* ERROR or NO AAAA exist. Failover to A records. */ if(n == 0) debugs(78, 3, "idnsGrokReply: " << q->name << " has no AAAA records. Looking up A record instead."); - else + else if(q->need_A) debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query failed. Trying A now instead."); + else // admin requested this. + debugs(78, 3, "idnsGrokReply: " << q->name << " AAAA query done. Configured to retrieve A now also."); idnsDropMessage(message, q); @@ -1447,6 +1449,7 @@ q->sz = rfc3596BuildPTRQuery4(addr4, q->buf, sizeof(q->buf), q->id, &q->query); } + /* PTR does not do inbound A/AAAA */ q->need_A = false; if (q->sz < 0) Index: squid3/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/structs.h,v retrieving revision 1.66.2.32 retrieving revision 1.66.2.33 diff -u -r1.66.2.32 -r1.66.2.33 --- squid3/src/structs.h 6 Oct 2007 15:17:07 -0000 1.66.2.32 +++ squid3/src/structs.h 10 Oct 2007 00:51:42 -0000 1.66.2.33 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.66.2.32 2007/10/06 15:17:07 amosjeffries Exp $ + * $Id: structs.h,v 1.66.2.33 2007/10/10 00:51:42 amosjeffries Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -546,6 +546,7 @@ int emailErrData; int httpd_suppress_version_string; int global_internal_static; + int dns_require_A; } onoff;
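Review bot: In the cf.data.pre hunk at @@ -5034,6 +5034,26 @@, the WARNING list leaves out a side effect that the commit log itself names: with the option on, squid will use all IPv4 and IPv6 addresses as equal in its IP balancing instead of preferring IPv6. Add that as a third `*)` item so an admin reading only the config documentation sees it. The directive name `dns_v4_fallback` also sits oddly next to both its storage, `LOC: Config.onoff.dns_require_A`, and the documented behaviour ("force squid to always lookup both AAAA and A"), which is not a fallback. Fallback is what the DOC text describes as the default policy. Consider aligning the directive name with the field name, or rewording the first paragraph so it is clear what "off" still does.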
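Review bot: In the dns_internal.cc hunk at @@ -1000,13 +1000,15 @@, the new final branch `else // admin requested this.` can never run, because the enclosing `if` already requires `q->need_A`, so `else if(q->need_A)` is true whenever `n != 0`. With the option on and a successful AAAA reply (n > 0), the log will therefore say "AAAA query failed. Trying A now instead." rather than "AAAA query done. Configured to retrieve A now also." Test the result code instead, for example `else if(n < 0)`, so the three messages correspond to n == 0, n < 0 and n > 0. The block comment `/* ERROR or NO AAAA exist. Failover to A records. */` should be updated too, since the branch is now entered on success as well. Because `idnsDropMessage(message, q)` is now reached with a reply that carries usable AAAA answers, please confirm that those answers are kept before the message is dropped. The lines that would show it are outside this hunk.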