Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2007/01/06 02:26:45 UTC

Re: [sa-list] Re: DNS timeouts on almost all queries

On Fri, 5 Jan 2007, Matt Kettler wrote:

> Dan Mahoney, System Admin wrote:
>> Any idea what could be causing the following?
>>
>> DNS is against localhost, net::dns is 0.59
>>
>> I'm seeing a ton of this in my debug log:
>>
>> Jan  5 16:37:14 quark spamd[2031]: dns: timeout for
>> sorbs-lastexternal,sorbs after 11 seconds
> Try "dig @localhost www.spamassassin.org"
>
> ie: is the localhost DNS server working properly?

Yes, it is.  I'm not seeing any major errors in /var/log/messages, and I'm 
seeing some rules match on this.  It would be quasi-helpful if the error 
logged what lookup was actually timing out (i.e. 
1.1.168.192.someblacklist.org or whatever) so that one could try and 
diagnose this stuff with tcpdump or querylogs.

It's not doing it right now -- it appears to be something that only 
happens when the system is under reasonably high load, but I *did* verify 
that lookups were working when I was getting these messages.

-Dan

--

"She's been getting attacked by these leeches, they're leaving these marks
all over her neck. You gotta keep her out of those woods.  If one more
leech gets her, she's gonna get a smack."

-Someone's Mother, December 18th, 1998

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
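
An added example (not part of the original posts, and not SpamAssassin code): since the timeouts seem to track load, one way to check is to tally the "dns: timeout" lines per minute and per rule, and to rebuild the reversed-octet name for a given IP so it can be tried by hand with dig. It assumes the syslog line format quoted above, unwrapped onto one line; the function names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Line format assumed from the spamd debug line quoted in the thread.
TIMEOUT_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+spamd\[\d+\]:\s+"
    r"dns: timeout for (?P<rules>\S+) after (?P<secs>\d+) seconds"
)

def tally_timeouts(lines):
    """Return (per_minute, per_rule) Counters of DNS timeout events."""
    per_minute, per_rule = Counter(), Counter()
    for line in lines:
        m = TIMEOUT_RE.match(line)
        if not m:
            continue  # not a DNS timeout line
        # Collapse syslog's padded day-of-month ("Jan  5" -> "Jan 5").
        per_minute[" ".join(m.group("minute").split())] += 1
        # One timeout line can name several rules, comma-separated.
        for rule in m.group("rules").split(","):
            per_rule[rule] += 1
    return per_minute, per_rule

def dnsbl_qname(ipv4, zone):
    """Build the reversed-octet name a DNSBL lookup for ipv4 would query."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + "." + zone.strip(".")

# First line is the one from the thread; the rest are constructed samples.
SAMPLE = [
    "Jan  5 16:37:14 quark spamd[2031]: dns: timeout for sorbs-lastexternal,sorbs after 11 seconds",
    "Jan  5 16:37:41 quark spamd[2044]: dns: timeout for example-rule after 11 seconds",
    "Jan  5 16:38:02 quark spamd[2044]: spamd: processing message for user:1001",
    "Jan  5 16:39:10 quark spamd[2031]: dns: timeout for sorbs-lastexternal,sorbs after 11 seconds",
]

if __name__ == "__main__":
    minutes, rules = tally_timeouts(SAMPLE)
    for minute, count in sorted(minutes.items()):
        print(minute, count)
    for rule, count in rules.most_common():
        print(rule, count)
    print(dnsbl_qname("192.168.1.1", "someblacklist.org"))
```

Comparing the per-minute counts with load figures for the same minutes shows whether the timeouts really cluster under load.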


Re: [sa-list] Re: DNS timeouts on almost all queries

Posted by Jeff Chan <je...@surbl.org>.
See if your ISP is rate limiting or denying DNS service for
excessive queries.  That's if you're using their nameservers of
course. 

Either way you're much better off setting up your own local
caching nameserver.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: [sa-list] Re: DNS timeouts on almost all queries

Posted by Matt Kettler <mk...@verizon.net>.
Dan Mahoney, System Admin wrote:
> On Fri, 5 Jan 2007, Matt Kettler wrote:
>
>>
>> Hmm, have you tried hitting the local named with queryperf (it's a DNS
>> mass-query load-test.)
>
> Haven't yet.  Was also going to try turning on the querylog (I turn it
> on via rndc but I'm not getting output anywhere)
I would suggest it. If nothing else, it will tell you if your named is
handling an absurdly low number of queries per second.
>
>> What named are you using?
>
> 9.3.1, which will be upgraded as soon as my ports tree syncs.
>
From that, I presume you meant to say "bind".


Re: [sa-list] Re: DNS timeouts on almost all queries

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Fri, 5 Jan 2007, Matt Kettler wrote:

> Dan Mahoney, System Admin wrote:
>>>
>>>
>>> ie: is the localhost DNS server working properly?
>>
>> Yes, it is.  I'm not seeing any major errors in /var/log/messages, and
>> I'm seeing some rules match on this.  It would be quasi-helpful if the
>> error logged what lookup was actually timing out (i.e.
>> 1.1.168.192.someblacklist.org or whatever) so that one could try and
>> diagnose this stuff with tcpdump or querylogs.
>>
>> It's not doing it right now -- it appears to be something that only
>> happens when the system is under reasonably high load, but I *did*
>> verify that lookups were working when I was getting these messages.
>
> Hmm, have you tried hitting the local named with queryperf (it's a DNS
> mass-query load-test.)

Haven't yet.  Was also going to try turning on the querylog (I turn it on 
via rndc but I'm not getting output anywhere)

> What named are you using?

9.3.1, which will be upgraded as soon as my ports tree syncs.

-Dan

>

--

Pika Pika Pika!

-Pikachu, of Pokemon fame.

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: [sa-list] Re: DNS timeouts on almost all queries

Posted by Matt Kettler <mk...@verizon.net>.
Dan Mahoney, System Admin wrote:
>>
>>
>> ie: is the localhost DNS server working properly?
>
> Yes, it is.  I'm not seeing any major errors in /var/log/messages, and
> I'm seeing some rules match on this.  It would be quasi-helpful if the
> error logged what lookup was actually timing out (i.e.
> 1.1.168.192.someblacklist.org or whatever) so that one could try and
> diagnose this stuff with tcpdump or querylogs.
>
> It's not doing it right now -- it appears to be something that only
> happens when the system is under reasonably high load, but I *did*
> verify that lookups were working when I was getting these messages.

Hmm, have you tried hitting the local named with queryperf (it's a DNS
mass-query load-test.)

What named are you using?