Hi Henrik,
Need you help again... is idnsCheckQueue related.
The box was running fine, except there was a surge in response time. Cache
log shows that there are a lot of (241 times) idnsChechQueue messages at
14:59:53.
2002/06/11 14:59:53| idnsCheckQueue: ID 35a2: giving up after 3 tries and
42.3 seconds
2002/06/11 14:59:53| idnsCheckQueue: ID 35a3: giving up after 3 tries and
42.3 seconds
2002/06/11 14:59:53| idnsCheckQueue: ID 3671: giving up after 3 tries and
37.1 seconds
2002/06/11 14:59:53| idnsCheckQueue: ID 3672: giving up after 3 tries and
37.1 seconds
Understand that it's normal to have idnsCheckQueue in cache log, as some
domain requests are not valid. However, i think it's unusual to see so many
in a second... Could it be due to the following?
1. Dos attack.
- Besides going through access log, is there anyway to use the ID to find
the actual domain name?
- Will the requests be reflected at 14:59:53 or 14:59:11 (minues lookup
time)?
- In cases where the requested domain name is not found, what will be the
message in access log? TCP_MISS/404 ?
2. Dns failure.
- But, the box is pointing to 2 dns, which quite unlikely to fail at the
same time
Please advise. Thanks.
Rgds,
Wei Keong
Received on Tue Jun 11 2002 - 23:52:12 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:38 MST