puzzling dnscache behavior

Andy Bradford amb-plug at bradfords.org
Mon Jun 23 22:52:52 MDT 2008


Thus said Nicholas Leippe on Mon, 23 Jun 2008 09:31:51 MDT:

> @40000000485fbfb7348a66bc query 50884 7f000001:5f46:f243 1 rss.slashdot.org.

It looks like another query came in  just 3 seconds after the one at the
beginning of the log:

> @40000000485fbfba35ae7c2c query 50885 7f000001:7efa:3108 1 rss.slashdot.org.

It also  looks like  you may  not have  captured the  log at  the actual
beginning of the error:

> @40000000485fbfba3814e53c servfail rss.slashdot.org. input/output error
> @40000000485fbfba3814f0f4 sent 50879 34

Where are the logs for query 50879?  The logs here start with query 50884.

> @40000000485fbfd91461c40c servfail rss.slashdot.org. input/output error
> @40000000485fbfd91461d3ac sent 50884 34

So it took 34 seconds for the  query to eventually time out. Question is
why? It  looks like the last  query it made for  rss.slashdot.org was to
216.34.181.21. It also made queries  to 216.34.181.22 which failed. This
log snippet  doesn't appear  to have any  queries made  to 12.31.165.79,
their other  NS server. The queries  to the first two  servers appear to
time out after 34 seconds, so basically  it looks like a problem with at
least these two servers. Either they are having intermittent problems or
there is a firewall blocking these somewhere.

What  happened  in  the  3  minutes inbetween  these  two  (failure  and
successful) logs? When  it gets into a failure  situation again, attempt
to query their servers directly:

dnsq cname rss.slashdot.org 216.34.181.22
dnsq cname rss.slashdot.org 216.34.181.21
dnsq cname rss.slashdot.org 12.31.165.79

Assuming of course they haven't changed  their NS records in that amount
of time (which may actually be a possibility).

See if they respond.

Also, if you can get the relevant parts of the log for the queries prior
to 50884  (like 50879 and possibly  others) from the very  first time it
fails, we may be able to glean more.

Andy
--
[-----------[system uptime]--------------------------------------------]
 10:52pm  up  1:59,  1 user,  load average: 1.01, 1.00, 1.00



More information about the PLUG mailing list