Hello, I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning: Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,<ABC123456789>): DNS lookup for mailboxserver.domain.com took 1.550 s I do not really understand how from time to time DNS queries are slow, I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really? Regards ML
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 4 Feb 2015, ML mail wrote:> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning: > > Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,<ABC123456789>): DNS lookup for mailboxserver.domain.com took 1.550 s > > I do not really understand how from time to time DNS queries are slow, I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?Maybe the usual network problems? Did you run a local DNS caching server? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVNIHFHz1H7kL/d9rAQJLEQgAu3pPaMZcsZdo7LdhPfltlR+PMQ7J1e8W NNRT3mIrxZ+hGKEKi/Rdtmp18QcR1W0FEQy7xiMpmo8K3i6AstdSUyojf/OHRKV6 NBJxp/ejknI/O005mMAp5SZg0MgchP4Xv0wc6SkdUHoYxtoOo11FfUDSSTU8bH9+ twj5xYJ5UQM8WE2gTtAMxJElga2AZ00ZLTBBpDnCprK+WFx79bkHWCfYCZT+Cb3n OfRoxhD/ZS8llUlZIR/SEXzqOTYstfo9ZnjxsG2Ya/dTVqk/9XhvQGAskdLGtQ4o XmoguLrJRkRA/XORDlaPgNfSo3d50AcXki8kzMBHSRHeGXrXDfioyQ==Pp5Z -----END PGP SIGNATURE-----
On 04 Feb 2015, at 03:38 , ML mail <mlnospam at yahoo.com> wrote:> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning: > > Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,<ABC123456789>): DNS lookup for mailboxserver.domain.com took 1.550 sIf you are seeing a warning that dans lookup took 1.5 seconds 5-6 times a day, why are you concerned?> I do not really understand how from time to time DNS queries are slow,Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There?s a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warning, or if the times were over 5 seconds, then I?d worry.> I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?I would not worry about it based on these numbers. -- there were far worse things than Evil. All the demons in Hell would torture your very soul, but that was precisely because they valued souls very highly; Evil would always try to steal the universe, but at least it considered the universe worth stealing. But the grey world behind those empty eyes would trample and destroy without even according its victims the dignity of hatred. It wouldn't even notice them. --The Light Fantastic
Thanks for your comments. I understand as DNS uses UDP that there could be some DNS queries which might get lost if the CPU or network is too busy but the thing is that this server is not so busy really. It has 2 cores with 4 GB of RAM and the CPU averages to 2% usage. The network averages to 1 Mbit/s traffic and there are around 600-700 processes running for 1100 mailboxes. Note here that this server is simply a proxy server, mailboxes are located on a separated server on the same LAN, the same applies to the database which has its own server too. These are all virtual machines by the way. I am not running a local DNS cache on the server. As suggested using a local DNS cache would simply fix this issue but I am more interested to know what is generating these slow DNS queries... On Wednesday, February 4, 2015 2:59 PM, LuKreme <kremels at kreme.com> wrote: On 04 Feb 2015, at 03:38 , ML mail <mlnospam at yahoo.com> wrote:> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning: > > Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,<ABC123456789>): DNS lookup for mailboxserver.domain.com took 1.550 sIf you are seeing a warning that dans lookup took 1.5 seconds 5-6 times a day, why are you concerned?> I do not really understand how from time to time DNS queries are slow,Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There?s a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warning, or if the times were over 5 seconds, then I?d worry.> I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?I would not worry about it based on these numbers. -- there were far worse things than Evil. All the demons in Hell would torture your very soul, but that was precisely because they valued souls very highly; Evil would always try to steal the universe, but at least it considered the universe worth stealing. But the grey world behind those empty eyes would trample and destroy without even according its victims the dignity of hatred. It wouldn't even notice them. --The Light Fantastic