Forum: NGINX DNS Issue?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Neil S. (Guest)
on 2008-10-16 09:31
(Received via mailing list)
Hello all -

I recently switched my setup to use internal 10.0.0.x IPs for the
backend webserver connections.  For 18-19 hours, it was fine, but now
I'm seeing issues.  Each requests takes a LONG time to return.  If I
switch back to the publicly accessible IPs, things work fine.

Any thoughts?  Perhaps it's trying to some sort of dns lookup and
failing?

Thanks!
Neil S. (Guest)
on 2008-10-16 10:23
(Received via mailing list)
Hmmm, it appears we have general problems with using our 10.0.0.x
addresses.  For example, doing something like:
ssh 10.0.0.2
takes a LONG time to return.

If I do something like
123.123.123 (my public IP),
things return promptly.

Perhaps this is a general networking question less than
nginx-specific, but thought I'd check if anyone has any good
suggestions!  Thanks!
Kon W. (Guest)
on 2008-10-16 10:29
(Received via mailing list)
On Wed, Oct 15, 2008 at 11:16 PM, Neil S. <removed_email_address@domain.invalid> 
wrote:
> nginx-specific, but thought I'd check if anyone has any good
> suggestions!  Thanks!

Let me guess your sshd is doing reverse DNS lookups and you have no
internal DNS serving your 10.x.x.x network.

Cheers
Kon
Dave C. (Guest)
on 2008-10-16 10:43
(Received via mailing list)
Hi Niel,

Have you traced the backend connection with tshark or ngrep to see what
traffic is flowing between nginx and your backend machines ?

Cheers

Dave

On Wed, 15 Oct 2008 22:24:52 -0700, Neil S. 
<removed_email_address@domain.invalid> wrote:
> Hello all -
>
> I recently switched my setup to use internal 10.0.0.x IPs for the
> backend webserver connections.  For 18-19 hours, it was fine, but now
> I'm seeing issues.  Each requests takes a LONG time to return.  If I
> switch back to the publicly accessible IPs, things work fine.
>
> Any thoughts?  Perhaps it's trying to some sort of dns lookup and
failing?
Neil S. (Guest)
on 2008-10-16 12:32
(Received via mailing list)
I think this IS the issue, Kon.  For example, I do:
traceroute -n 10.0.0.2
Returns immediately

I do
traceroute 10.0.0.2
Takes quite some time.

Thoughts on how to resolve this?  Perhaps my settings in ifcfg-eth1
aren't complete?
CryptWizard (Guest)
on 2008-10-16 13:11
(Received via mailing list)
Try adding an entry for it in /etc/hosts
Neil S. (Guest)
on 2008-10-16 13:22
(Received via mailing list)
I just added the following in the /etc/hosts file for each of my
servers:

10.0.0.2        mydomain.com
10.0.0.3        mydomain.com
10.0.0.4        mydomain.com
10.0.0.5        mydomain.com
10.0.0.6        mydomain.com
10.0.0.7        mydomain.com
10.0.0.8        mydomain.com
(repeated for each IP I have assigned)

A bit tedious, but seems to have solved the issue.  Any downsides to
this?

Thanks!
Tit P. (Guest)
on 2008-10-16 14:45
(Received via mailing list)
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Basically, Kon was on point. Set up an internal DNS.<br>
<br>
Since you have atleast 8 servers, and I guess probably more, you really
need to think about using a local DNS, or you will have to modify the
hosts file on each one of those when&amp;if you make changes.<br>
<br>
Lp<br>
<br>
Neil S. wrote:
<blockquote
 cite="mid:removed_email_address@domain.invalid"
 type="cite">
  <pre wrap="">I just added the following in the /etc/hosts file for
each of my servers:

10.0.0.2        mydomain.com
10.0.0.3        mydomain.com
10.0.0.4        mydomain.com
10.0.0.5        mydomain.com
10.0.0.6        mydomain.com
10.0.0.7        mydomain.com
10.0.0.8        mydomain.com
(repeated for each IP I have assigned)

A bit tedious, but seems to have solved the issue.  Any downsides to
this?

Thanks!


On Thu, Oct 16, 2008 at 2:04 AM, CryptWizard <a
class="moz-txt-link-rfc2396E"
href="mailto:removed_email_address@domain.invalid">&lt;removed_email_address@domain.invalid&gt;</a>
wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Try adding an entry for it in /etc/hosts

On Thu, Oct 16, 2008 at 7:13 PM, Neil S. <a
class="moz-txt-link-rfc2396E"
href="mailto:removed_email_address@domain.invalid">&lt;removed_email_address@domain.invalid&gt;</a> 
wrote:
    </pre>
    <blockquote type="cite">
      <pre wrap="">I think this IS the issue, Kon.  For example, I do:
traceroute -n 10.0.0.2
Returns immediately

I do
traceroute 10.0.0.2
Takes quite some time.

Thoughts on how to resolve this?  Perhaps my settings in ifcfg-eth1
aren't complete?

On Wed, Oct 15, 2008 at 11:23 PM, Kon W. <a
class="moz-txt-link-rfc2396E"
href="mailto:removed_email_address@domain.invalid">&lt;removed_email_address@domain.invalid&gt;</a> 
wrote:
      </pre>
      <blockquote type="cite">
        <pre wrap="">On Wed, Oct 15, 2008 at 11:16 PM, Neil S. <a
class="moz-txt-link-rfc2396E"
href="mailto:removed_email_address@domain.invalid">&lt;removed_email_address@domain.invalid&gt;</a> 
wrote:
        </pre>
        <blockquote type="cite">
          <pre wrap="">Hmmm, it appears we have general problems with
using our 10.0.0.x
addresses.  For example, doing something like:
ssh 10.0.0.2
takes a LONG time to return.

If I do something like
123.123.123 (my public IP),
things return promptly.

Perhaps this is a general networking question less than
nginx-specific, but thought I'd check if anyone has any good
suggestions!  Thanks!
          </pre>
        </blockquote>
        <pre wrap="">Let me guess your sshd is doing reverse DNS lookups
and you have no
internal DNS serving your 10.x.x.x network.

Cheers
Kon


        </pre>
      </blockquote>
    </blockquote>
    <pre wrap="">
    </pre>
  </blockquote>
  <pre wrap=""><!---->
  </pre>
</blockquote>
</body>
</html>
Neil S. (Guest)
on 2008-10-16 21:48
(Received via mailing list)
I'm still not sure "what" is doing the lookup - nginx?  Apache on the
backend? (I have HostnameLookup off there.)
This topic is locked and can not be replied to.