How to configure Squid to use IPv4
June 15, 2021
Because the IPv6 Internet is as fast or faster than the IPv4 Internet for most networks, Squid prefers to connect to websites over IPv6.
The “dns_v4_first on” option changes the order of preference so that Squid will first bind to dual-stack websites over IPv4. Squid will still do both IPv6 and IPv4 DNS queries before connecting.
A WARNING. This parameter limits the situations in which IPv6 connectivity is used (and tested). This hides network problems that would otherwise have been detected and warned about.
So, to switch to IPv4, add the following option to the config file:
Now the request on port 24004 will print the IPv4 address:
curl --proxy localhost:24004 https://w-e-b.site/ip/
But the fact is that requests to ports 24000-24003 will also display IPv4 addresses, since the remote host uses both of them, and IPv4 is now selected by default.
That is, in essence, this option is a switch between IPv4 and IPv6. This is not very convenient and a little illogical. You need to remember this, because using different IP addresses on the same proxy server, you can get confused about which one is actually used.
Starting with version 5 of Squid, the dns_v4_first option will be removed. Instead of obeying the dns_v4_first setting, the IP family is now largely controlled by the DNS response time: if the AAAA DNS response comes first while Squid is waiting for IP addresses, then Squid will use the first received IPv6 addresses. For previously cached IP addresses, Squid tries IPv6 addresses first. To manage the family of IP addresses used by Squid, administrators must use firewalls, recursive DNS resolver configuration, and/or --disable-ipv6. When planning configuration changes, keep in mind that the upcoming improvements to Happy Eyeballs will facilitate faster TCP connections while reducing the impact of DNS resolution times.
The fifth version implements the “Happy Eyeballs” algorithm, which uses the received IP as soon as it is needed. Firewall rules that deny IPv6 TCP connections remain the preferred configuration method for “disconnecting” IPv6 connections, with a recursive DNS resolver configuration.
See also the Squid setup guide: How to create and configure a Squid proxy server
- How to check if my router supports IPv6 (84.6%)
- Configuring Squid Proxy with Multiple IP Addresses (76.9%)
- Error “Authentication helper program /usr/lib64/squid/basic_ncsa_auth: (2) No such file or directory” (SOLVED) (65.4%)
- How Squid ACL works (65.4%)
- How to configure HTTP Digest Authentication in Squid (65.4%)
- How to install PowerShell on Arch Linux, Manjaro, BlackArch (RANDOM - 50%)