Amos,
I made all the changes as advised. However, it did not make much
difference, queue kept getting large together with slow dns responses.
So I have moved most of the users away from the failing squid service.

Nameservers:
IP ADDRESS                                     # QUERIES # REPLIES
---------------------------------------------- --------- ---------
xxx.xxx.x.x                                       185449    157877

That is how the dns is performing so far.
With Load reduction, it works a bit fine, although after a long time
it will get its queue full.

On Tue, Jun 28, 2011 at 3:47 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 28/06/11 23:25, Richard Zulu wrote:
>>
>> Amos,
>> Yes, you are right!
>> My internal DNS Stats are as follows:
>> Nameservers:
>> IP ADDRESS                                     # QUERIES # REPLIES
>> ---------------------------------------------- --------- ---------
>> xxx.xxx.xxx.xx                                     51219     46320
>>
>> You realise there is quite a big lap between the queries and replies.
>>
>> Other than the NAT errors, queue length errors, and large url warnings
>> in the config file, I cannot seem to pinpoint why my server develops a
>> long queue and cannot get most of its queries resolved by the DNS.
>> DNS is working well for other squid servers. Shifting users from the
>> failing squid server to another functioning squid server causes the
>> functioning squid server to experience the same issues.
>
> Sure sign that something they are doing is leading to DNS overload.
>
> Things to do:
> * reduce dns_timeout, current recommended is now 30 seconds. That will not
> resolve the DNS breakage, but will hopefully reduce waiting queries a lot.
>
> * check your config for things which cause extra DNS lookups:
> srcdomain or dst ACLs. "log_fqdn on". small ipcache size.
>
> * try turning "via on" if you have it disabled. See what happens. "off" can
> hide bad looping problems.
>
> * maybe look at the most popular sites and see how fast the DNS response
> for AAAA and A lookups are.
>
>>
>> What is interesting though, is that no sooner have I started my squid,
>> than I get queue congestion warning and numerous NAT warnings.
>>
>
> Okay. NAT warnings is a side effect of NAT being done on the other box. Is
> a security vulnerability and speed slowdown on accepting new requests. But
> otherwise is a separate issue. It will be a little bit of work to fix, so I
> think we put it aside for now.
>
> AIO queue congestion is normal on a proxy with many users after startup, so
> long as it goes away with increasingly rare messages everything is fine.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.12
> Beta testers wanted for 3.2.0.9 and 3.1.12.3
>
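
The configuration checks in the "Things to do" list above can be run mechanically over a squid.conf. The script below is an added example, not part of the original thread or of Squid itself; the sample configuration is constructed, and the 1024-entry cutoff for a "small" ipcache_size is an assumption (Squid's default), not a figure from the thread.

```python
import re

# Constructed sample squid.conf fragment (not from the thread).
SAMPLE_CONF = """\
acl staff srcdomain .example.lan
acl blocked dst 203.0.113.0/24
acl safe dstdomain .example.org
dns_timeout 2 minutes
log_fqdn on
ipcache_size 256
via off
"""

UNITS = {"second": 1, "minute": 60, "hour": 3600}
MAX_DNS_TIMEOUT = 30   # seconds, the value recommended in the thread
MIN_IPCACHE = 1024     # assumption: Squid's default, used as the "small" cutoff


def audit(conf_text):
    """Return (line_number, message) findings for DNS-heavy settings."""
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        name, args = tok[0], tok[1:]
        if name == "acl" and len(args) >= 2 and args[1] in ("srcdomain", "dst"):
            findings.append((num, f"acl type {args[1]} can trigger DNS lookups"))
        elif name == "log_fqdn" and args[:1] == ["on"]:
            findings.append((num, "log_fqdn on adds a reverse lookup per client"))
        elif name == "via" and args[:1] == ["off"]:
            findings.append((num, "via off can hide forwarding loops"))
        elif name == "ipcache_size" and args and args[0].isdigit():
            if int(args[0]) < MIN_IPCACHE:
                findings.append((num, f"ipcache_size {args[0]} is below {MIN_IPCACHE}"))
        elif name == "dns_timeout" and len(args) >= 2:
            m = re.fullmatch(r"(second|minute|hour)s?", args[1])
            if m and args[0].isdigit():
                secs = int(args[0]) * UNITS[m.group(1)]
                if secs > MAX_DNS_TIMEOUT:
                    findings.append((num, f"dns_timeout is {secs}s, above {MAX_DNS_TIMEOUT}s"))
    return findings


if __name__ == "__main__":
    for num, msg in audit(SAMPLE_CONF):
        print(f"line {num}: {msg}")
```
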