Re: [squid-users] 3.4.0.1 dnsreq statistics question

From: Ralf Hildebrandt <Ralf.Hildebrandt_at_charite.de>
Date: Tue, 30 Jul 2013 16:56:04 +0200

* Eliezer Croitoru <eliezer_at_ngtech.co.il>:
> On 07/30/2013 05:33 PM, Ralf Hildebrandt wrote:
> > The proxy is the only program quering the local DNS server. It's bound
> > to 127.0.0.1
> >
> > I'm looking at the query.log, but I'm not seeing any queries to .local
> > names at all.
> >
> > Maybe some new code path is not adding to the statistics?

> Like what?
> OK so the dns only queryies are not the .local ons??

Exactly, there are only queries like internal IPs & external
domainnames:

30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.777 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.778 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.778 client 127.0.0.1#43716: query: 227.56.248.78.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.778 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.778 client 127.0.0.1#43716: query: 249.138.42.141.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.781 client 127.0.0.1#43716: query: 227.56.248.78.in-addr.arpa IN PTR + (127.0.0.1)
30-Jul-2013 16:33:42.826 client 127.0.0.1#43716: query: www.viewster.com IN A + (127.0.0.1)
30-Jul-2013 16:33:42.901 client 127.0.0.1#43716: query: banner.congstar.de IN A + (127.0.0.1)
30-Jul-2013 16:33:42.934 client 127.0.0.1#43716: query: n28.ad.ad-srv.net IN A + (127.0.0.1)
30-Jul-2013 16:33:42.935 client 127.0.0.1#43716: query: platform.twitter.com IN A + (127.0.0.1)
30-Jul-2013 16:33:43.004 client 127.0.0.1#43716: query: www.googletagmanager.com IN A + (127.0.0.1)
30-Jul-2013 16:33:43.168 client 127.0.0.1#43716: query: cdn.gmxpro.net IN A + (127.0.0.1)
30-Jul-2013 16:33:43.177 client 127.0.0.1#43716: query: divaag.vo.llnwd.net IN A + (127.0.0.1)
30-Jul-2013 16:33:43.312 client 127.0.0.1#43716: query: aidps.atdmt.com IN A + (127.0.0.1)
30-Jul-2013 16:33:43.327 client 127.0.0.1#43716: query: dc8.s317.meetrics.net IN A + (127.0.0.1)
30-Jul-2013 16:33:43.337 client 127.0.0.1#43716: query: viewster.ivwbox.de IN A + (127.0.0.1)
30-Jul-2013 16:33:43.372 client 127.0.0.1#43716: query: viewster.tv IN A + (127.0.0.1)
30-Jul-2013 16:33:43.456 client 127.0.0.1#43716: query: us-mg5.mail.yahoo.com IN A + (127.0.0.1)
30-Jul-2013 16:33:43.676 client 127.0.0.1#43716: query: download.cdn.mozilla.net IN A + (127.0.0.1)

> in this case you can start monitoring your network infrastructure to
> make sure what happens just to make sure that the infrastructure works fine.

Everything is working fine & is already being monitored.

> it's a simple task.. and it will make a stronger argument then just
> plain old statistics.

They are part of the monitoring. If they look different, I tend to ask
questions:

Like:
http://www.squid-cache.org/mail-archive/squid-users/200712/0465.html
(broken memory statistics in 3.0.x)

Or:
http://comments.gmane.org/gmane.comp.web.squid.general/97869
(sudden increase of the "HttpErrors" counter with 3.2.0.19 -- due to a
change of what counts as an error page)

> it would have long history.
> Do you see any real life threatening situation that it can affect.

Nope. Just asking why the stats suddenly would look different.
I'll check the other machines in the cluster

-- 
Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
ralf.hildebrandt_at_charite.de        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Received on Tue Jul 30 2013 - 14:56:22 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 30 2013 - 12:00:27 MDT