tis 2007-02-06 klockan 13:25 -0500 skrev Chris Nighswonger:
> Hi all,
> I have been working on this problem now for a day or so. I'm running
> 2.6.STABLE5. Towards the end of last week various pages begin to be
> slow resolving and often required several F5's to finally load. The
> problem changed over the weekend to pages not resolving at all but
> being redirected to the search provided by the external dns servers we
> use (opendns).
Which quite clearly indicates OpenDNS failed to resolve the sites and
instead responded with the IP of their "search engine".. And this may
have got cached by Squid extending the period the sites was
"unknown" (equal to being sent to the OpenDNS search engine by the
OpenDNS DNS servers).
> Bypassing squid and connecting directly to the
> Internet, using the same dns servers clears the problem up. Dig shows
> that the zone files in the dns servers are correct for the urls having
> problems.
These problems tend to heal themselves pretty quickly. To eleminate DNS
you need to actively watch the DNS traffic at the time the problem
occurs, trying to inspect it afterwards is not very useful.
> RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3
> 0 107751 79 35
> 1 0 0 0
> 2 2369 2268 2224
> 3 988 21 7
> 4 0 0 0
> 5 0 0 0
>
>
> Before this issue came up, I never remember seeing anything beyond the
> 0 row. I was not able to figure out what this matrix is telling me or
> if it is relevant to the problem I am experiencing.
0 is "name found".
1 is "could not understand the query"
2 is "DNS server failure"
3 is "name not found (authorative)"
4 is "query type not implemented"
5 is "access denied"
All is responses from the DNS servers to Squid.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST