Amos,
I made all the changes as advised.
However, it did not make much difference, queue kept getting large
together with slow dns responses.
So I have moved most of the users aways from the failing squid service.
Nameservers:
IP ADDRESS # QUERIES # REPLIES
---------------------------------------------- --------- ---------
xxx.xxx.x.x 185449 157877
That is how the dns is performing so far.
With Load reduction, it works a bit fine, although after a long time
it will get it's queue full.
On Tue, Jun 28, 2011 at 3:47 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 28/06/11 23:25, Richard Zulu wrote:
>>
>> Amos,
>> Yes, you are right!
>> My internal DNS Stats are as follows:
>> Nameservers:
>> IP ADDRESS # QUERIES # REPLIES
>> ---------------------------------------------- --------- ---------
>> xxx.xxx.xxx.xx 51219 46320
>>
>> You realise there is quite a big lap between the queries and replies.
>>
>> Other than the NAT errors, queue length errors, and large url warnings
>> in the config file, I cannot seem to pinpoint why my server develops a
>> long queue and cannot get most of it's queries resolved by the DNS.
>> DNS is working well for other squid servers. Shifting users from the
>> failing squid server to another functioning squid server causes the
>> functioning squid server to experience the same issues.
>
> Sure sign that something they are doing is leading to DNS overload.
>
> Things to do:
> * reduce dns_timeout, current recommended is now 30 seconds. That will not
> resolve the DNS breakage, but will hopefully reduce waiting queries a lot.
>
> * check your config for things which cause extra DNS lookups:
> srcdomain or dst ACLs. "log_fqdn on". small ipcache size.
>
> * try turning "via on" if you have it disabled. See what happens. "off" can
> hide bad looping problems.
>
> * maybe look at the most popular sites and see how fast the DNS response
> for AAAA and A lookups are.
>
>>
>> What is interesting though, is that no sooner have I started my squid,
>> than I get queue congestion warning and numerous NAT warnings.
>>
>
> Okay. NAT warnings is a side effect of NAT being done on the other box. Is
> a seecurity vulnerability and speed slowdown on accepting new requests. But
> otherwise is a separate issue. It will be a little bit of work to fix, so I
> think we put it asside for now.
>
> AIO queue congestion is normal on a proxy with many users after startup, so
> long as it goes away with increasingly rare messages everything is fine.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.12
> Beta testers wanted for 3.2.0.9 and 3.1.12.3
>
Received on Wed Jun 29 2011 - 11:01:42 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 29 2011 - 12:00:02 MDT