[squid-users] Bizarrely slow, timing out DNS only via Squid :D
Dan Charlesworth
dan at getbusi.com
Fri Mar 4 04:32:10 UTC 2016
Hey Amos,
Yeah 30 other happy sites which also have basically identical squid boxes, and very similar networks.
They did also mention to me that that they had IPv6 going on this network for quite a while, but switched it off recently (around when this problem started) due to nothing related to squid.
---
Squid conf grepped (just stuff Eliezer suggested I try):
# (squid -k parse 2>&1 ) | grep -o "Processing.*" | grep "dns_\|ipcache_\|fqdncache_"
Processing: dns_v4_first on
Processing: dns_nameservers 192.231.203.3 172.16.100.5
Huge paste of successful digs (this what you’re after)?:
# dig @192.231.203.3 www.v6.facebook.com AAAA
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> @192.231.203.3 www.v6.facebook.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30264
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;www.v6.facebook.com. IN AAAA
;; ANSWER SECTION:
www.v6.facebook.com. 3508 IN CNAME v6.vvv.facebook.com.
v6.vvv.facebook.com. 208 IN AAAA 2a03:2880:20:8f08:face:b00c:0:1
;; AUTHORITY SECTION:
vvv.facebook.com. 7050 IN NS b.ns.vvv.facebook.com.
vvv.facebook.com. 7050 IN NS a.ns.vvv.facebook.com.
;; ADDITIONAL SECTION:
a.ns.vvv.facebook.com. 8598 IN A 69.171.239.11
a.ns.vvv.facebook.com. 8598 IN AAAA 2a03:2880:fffe:b:face:b00c:0:99
b.ns.vvv.facebook.com. 13843 IN A 69.171.255.11
b.ns.vvv.facebook.com. 13843 IN AAAA 2a03:2880:ffff:b:face:b00c:0:99
;; Query time: 21 msec
;; SERVER: 192.231.203.3#53(192.231.203.3)
;; WHEN: Fri Mar 4 15:20:51 2016
;; MSG SIZE rcvd: 209
# time dig @192.231.203.3 -x 69.171.239.11
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> @192.231.203.3 -x 69.171.239.11
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49571
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;11.239.171.69.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
239.171.69.in-addr.arpa. 1 IN SOA a.ns.facebook.com. dns.facebook.com. 1457064868 7200 1800 604800 3600
;; Query time: 32 msec
;; SERVER: 192.231.203.3#53(192.231.203.3)
;; WHEN: Fri Mar 4 15:23:07 2016
;; MSG SIZE rcvd: 101
> On 4 Mar 2016, at 3:15 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 4/03/2016 11:42 a.m., Dan Charlesworth wrote:
>> Thanks for your input Eliezer.
>>
>> I've tested against various public DNS servers at this point so I'm ruling
>> out any DNS-server-side problems. The only time there's any timeouts or
>> slowness is when the request is going through squid. Doesn't seem to matter
>> which HTTP server I'm requesting, whether it returns multiple IPs or not.
>
> dig tested for all of A, AAAA, and PTR ?
>
>>
>> Also worth noting that this company has about 30 other sites with mostly
>> identical network topologies and equipment where it's completely fine.
>>
>
> Does that include other Squid which are okay?
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list