When trying to do some redesign for this blog, all of a sudden connections failed. at least, from within the LAN. Even trying to access the webserver from the VMS-machine itself failed: no connection could be made. Though it looked like connections from the Internet were able – but it looked like availability was sometimes interrupted.
The sites that require https had no problem at all, I could access them and they responded nivcely. just thhe two sites that can be accessed using an unsecured connection failed.
I found one accessor with a large amount of connections to the system, in particilar this blogs main page. But the number of WASD processes was limited – and no large amount of error messages in the logs. Though the browsers mentioned an DNS error, it wasn’t since translation of www.grootersnet.nl just worked – it was just WASD not responding.
WASD was stopped and restarted but it didn’t solve the issue; I also made some adjustments to the router firewall to block this connection; restarted the router (it restarted all by itself at some point) but the problem persisted.
Did some testing and analysis but there is no reason why NOT ANY data seems to be passed to the webserver; Not even the mapping of abusers (that will get a message they have been banned) were shown in WATCH, not even the request was logged.
I contacted the WASD mailing list, even mark is puzzled, but he also noted interruptions in accessing the homepage.
In the mean time, I noted still some old addresses here and there – but since the system has run fine for a few weeks (after latest and suddenly stopped – without any changes in the environment) these were not causing the problems…
In all, I spent all night (until 5:00) trying to solve the issue, to no avail. this morning it seemed a bit better, I’m now outside the LAN so I it looks fine from here. It may be a good idea to reboot the server, just to reset everything -0 completely; hopefully it solves the problem.
Tried like Mark suggested in his last reply: What happens if I use telnet to port 80 from another machine in the LAN? Done that several times last night and results were dramatic. But today the connection was setup in no time – and closed immediately. My mistake – it won’t run on SSH :). With telnet: No problem: Entering
GET / gives me the page I requested. Same using the normal access using the website URL: It just works – and fast.
So it does seem to be caused by an overload on port 80: site at address 220.127.116.11 (according Robtex a Chinese address, no further information) was accessing the site multiple times a second, until 9:21 this morning according the router logging. But both this address as any address from China is blocked in the router. At least, I would expect that. So it’s up to Draytek to explain how to block the front gate for any address (or country).
So NO reboot needed.
Local DNS issue
however, there is just one minor detail I need to solve.
$ tcpip show host
only shows the statically defined hosts. Not the ones that get their data from the DHCP server. Previously, DHCP would update the DNS database, but now it does not. Must have something to do with DNS address and some data in DHCP, I guess.