Package: debian-edu-config Severity: important Version: 2.12.17 Control: found -1 2.11.56+debu3Debian Edu is not yet really IPv6-ready. That is another topic and should be discussed elsewhere. Maybe for some people, Debian Edu works perfectly on IPv6 and I don't know that yet, please let us know your experiences on the Debian Edu mailing list. Thanks. (Don't Cc: such discussion replies to the bug report's mail address, please).
However, here current Debian Edu work best if IPv4 connections (and DNS lookups) are preferred over IPv6 connections and lookups.
In Squid, I made the observation today that squid tries to do an IPv6 lookup for a URL first and if that fails, it retries via IPv4. This seems to work ok for Debian Edu networks where TJENER does not have a public IPv6 address. However, in my customer's setup [1], loading a complex website page via squid takes ages with this. Esp. if the squid proxy is under medium to heavy load by other users on the network.
So, long story cut short, squid tries to route http(s) requests (hostname/path queries, basically) over IPv6 first and falls back as second choice to IPv4. This takes a bit of extra time for each URL to be loaded. IMHO, this should be avoided, IPv4 should be preferred in squid. Not only on this one customer setup, but in general it seems (as the whole Debian Edu design currently is 'IPv4-first' or rather 'IPv4-only'.
So, I'd like to add (and this extra config line fixed the issue on the customer site)
dns_v4_first on to /etc/squid/conf.d/debian-edu.conf Objections? Other opinions??? Mike[1] In this customer setup TJENER has two network interfaces (a .intern network and a .backbone network). The .backbone network is for WiFi APs being able to access FreeRadius on TJENER (the WiFi APs are not on the .intern network but on a separate management network). And TJENER here as a public IPv6 address on the .backbone network's NIC (eth1 here).
-- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpdXq94R5XhS.pgp
Description: Digitale PGP-Signatur