 |  |
No query was logged? In debug mode, every incoming query is logged.
Re: Quick Dns crashing
From: Men & Mice Support
Date: Friday, August 15, 2003
Time: 2:10:22 pm
(So is every outgoing query and every incoming response, as shown
below.) However, given the volume of data to sift through, I can
understand why you might have missed it.
The queries shown below are related to the first set, as I indicated
before. But, having tested this a bit using QuickDNS Server 3.5.3, I
don't see what query could set this whole thing off.
____________________________________________________________________
Chris Buxton Men & Mice
Customer Support Specialist Making DNS Easy
At 1:21 PM -0400 8/15/03, Ryan Clevenger wrote:
> Ok I went back to the log and there was no Query line. I am guessing it
>is just a recursive query from some other server. Also this is not the only
>server that this happened on. Here is another example from the log.
>
>
>270,000 lines (135,000 queries) in 2 hours 20 minutes
>
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:20 Querying "192.31.80.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
>"192.31.80.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns7.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns8.halfpricehosting.com."
>Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
>"192.42.93.30:53"
>Aug 12 14:45:21 Querying "192.42.93.30:53" about
>"ns7.halfpricehosting.com."
>
>
>
>
>On 8/15/03 12:58 PM, "Men & Mice Support" <cbuxton@menandmice.com> wrote:
>
>> I would start by looking through the log for a line starting with
>> "Query" instead of "Querying" - in other words, try to find what
>> query came in that triggered all of this.
>>
>> My guess is that this has something to do with the following facts:
>>
>> - mydnsserver.com is delegated to a couple of servers in the
>> halfpricehosting.com domain.
>>
>> - halfpricehosting.com is delegated to four servers in the
>> mydnsserver.com domain, two of which have the same IP address (which
>> is also the same address as one of the halfpricehosting.com servers).
>>
>> - The other halfpricehosting.com server is given a different IP
>> address by the authoritative servers than by the com servers.
>>
>> - Of the five IP addresses given for these various server names, only
>> the one that is assigned three names (199.231.136.99, which is
>> ns7.halfpricehosting.com, ns1.mydnsserver.com, and
>> ns3.mydnsserver.com) actually responds to DNS queries.
>>
>> - The halfpricehosting.com zone contains authority records pointing
>> to the halfpricehosting.com server names, not the mydnsserver.com
>> server names.
>>
>> In theory, it should all work despite these problems. But the
>> anti-spoofing algorithm in QuickDNS Server may be having trouble with
>> this.
>> ____________________________________________________________________
>> Chris Buxton Men & Mice
>> Customer Support Specialist Making DNS Easy
>>
>> At 12:29 PM -0400 8/15/03, Ryan Clevenger wrote:
>>> Hey guys I have been having a strange problem recently. I
>>> upgraded my QuickDns from 3.0 to 3.5.3 running on Mac Os 9.1 on a
>>> 350mhz imac. Everything has been running great until the other day.
>>> I keep the debug log running so that I can see what is going on and
>>> such and I noticed that the log was filling up to like 300meg in a
>>> matter of a day. For about 3 days in a row the server would crash by
>>> the end of the day. So I checked the log and here is what was
>>> showing.
>>>
>>> 540,000 lines (270,000 queries) in 2 hours 20 minutes
>>>
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
> >> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
> >> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns3.mydnsserver.com."
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns4.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns3.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns3.mydnsserver.com."
>>> Aug 12 14:45:20 Reply: "ns4.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns4.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.42.93.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns1.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns2.mydnsserver.com." - from "192.42.93.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns2.mydnsserver.com." - from "192.42.93.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns3.mydnsserver.com." - from "192.42.93.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns3.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns4.mydnsserver.com." - from "192.42.93.30:53"
>>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns4.mydnsserver.com."
>>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.42.93.30:53"
>>>
>>> Etc...
>>> If you noticed it did this for 540,000 lines in 2 hours and 20 minutes.
>>>
>>> This is not the only domain that I am getting it from there are
>>> about 4 or five domains that this happened to. Eventually the server
>>> gets tired of all these queries and just shuts down. Does anyone
>>> have any idea why this is happening? I have no idea why the server
>>> would be querying over and over like this. Any help would be much
>>> appreciated.
>>>
>>>
>>>
>>> Ryan Clevenger
>>> Computer Support Specialist
>>> North Point Community Church
>>> Work - 770.290.5770
>>> Cell - 770.634.9816
>>> ryan.clevenger@northpoint.org
>>
>>
>
>Ryan Clevenger
>Computer Support Specialist
>North Point Community Church
>Work - 770.290.5770
>Cell - 770.634.9816
>ryan.clevenger@northpoint.org
Messages In This Thread:
Return to Digital Point Solutions' Home Page
| home | |
| products | |
| services | |
| support | |
| email lists |
| optigold isp | |
| optigold isp news | |
| home inspection | |
| inspectrix | |
| java companion | |
| oracle | |
| quickdns pro | |
| search engine | |
| veterinary |
| tips | |
| employees | |
| free tools | |
| portfolio | |
| jobs | |
| contact |
888/4-DPOINTSupport:
858/452-3696