tis 2007-02-06 klockan 13:25 -0500 skrev Chris Nighswonger: > Hi all, > I have been working on this problem now for a day or so. I'm running > 2.6.STABLE5. Towards the end of last week various pages begin to be > slow resolving and often required several F5's to finally load. The > problem changed over the weekend to pages not resolving at all but > being redirected to the search provided by the external dns servers we > use (opendns). Which quite clearly indicates OpenDNS failed to resolve the sites and instead responded with the IP of their "search engine".. And this may have got cached by Squid extending the period the sites was "unknown" (equal to being sent to the OpenDNS search engine by the OpenDNS DNS servers). > Bypassing squid and connecting directly to the > Internet, using the same dns servers clears the problem up. Dig shows > that the zone files in the dns servers are correct for the urls having > problems. These problems tend to heal themselves pretty quickly. To eleminate DNS you need to actively watch the DNS traffic at the time the problem occurs, trying to inspect it afterwards is not very useful. > RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3 > 0 107751 79 35 > 1 0 0 0 > 2 2369 2268 2224 > 3 988 21 7 > 4 0 0 0 > 5 0 0 0 > > > Before this issue came up, I never remember seeing anything beyond the > 0 row. I was not able to figure out what this matrix is telling me or > if it is relevant to the problem I am experiencing. 0 is "name found". 1 is "could not understand the query" 2 is "DNS server failure" 3 is "name not found (authorative)" 4 is "query type not implemented" 5 is "access denied" All is responses from the DNS servers to Squid. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
