Thursday, December 2, 2010

How to Flush DNS


How to Flush DNS in Microsoft Windows

In Microsoft Windows, you can use the command ipconfig /flushdns to flush the DNS resolver cache. Open the command prompt and type the following:
C:>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
 The above command will completely flush the DNS, deleting any incorrect entries too. You can also use the command ipconfig /displaydns to view the DNS resolver cache.

Turning Off DNS Caching under Microsoft Windows

If you experience frequent issues with DNS caching under Microsoft Windows, you can disable client-side DNS caching with either of these two commands:
net stop dnscache
sc servername stop dnscache
This will disable DNS caching until the next reboot. To make the change permanent, use the Service Controller tool or the Services tool to set the DNS Client service startup type to Disabled. You can permanently disable DNS Client by following the below steps:
  • Goto Start and click on Run.
  • Type Services.msc in the Run command box.
  • A window listing all the services will popup. Search for a service called DNS Client.
  • Double click on the listed DNS Client service and click Stop. Similarly, you can restart it by clicking Start.

Tuning DNS Caching under Microsoft Windows

You can modify the behavior of the Microsoft Windows DNS caching algorithm by setting two registry entries in the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDnscacheParameters registry key.
The MaxCacheTtl represents the maximum time that the results of a DNS lookup will be cached. The default value is 86,400 seconds. If you set this value to 1, DNS entries will only be cashed for a single second.
MaxNegativeCacheTtl represents the maximim time that the results of a failed DNS lookup will be cached. The default value is 900 seconds. If you set this value to 0, failed DNS lookups will not be cached.

Flush DNS in Mac OSX

In Mac OSX Leopard, you can use the command dscacheutil -flushcache to flush the DNS resolver cache:
bash-2.05a$ dscacheutil -flushcache
In Mac OSX versions 10.5.1 and before, the command lookupd -flushcache performed the same task:
bash-2.05a$ lookupd -flushcache

Flush DNS in Linux

In Linux, the nscd daemon manages the DNS cache. To flush the DNS cache, restart the nscd daemon. To restart the nscd daemon, use the command `/etc/init.d/nscd restart`.
Posted by at No comments:
Labels:

Linux and nf_conntrack.

When you have messages like this :


Dec  2 13:12:28 VivaLAN kernel: [8768983.190310] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.070735] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.082320] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.082320] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.086320] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.089848] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.094892] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.099703] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.119987] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.127979] nf_conntrack: table full, dropping packet.
Dec  2 13:14:32 VivaLAN kernel: [8769110.138279] nf_conntrack: table full, dropping packet.











you can disable the conntrack : 




iptables -t raw -I OUTPUT -j NOTRACK
iptables -t raw -I PREROUTING -j NOTRACK

The other way when you do not want to disable full contrack you can increase the connections
#cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65432
#
# echo "130864" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max


Posted by at No comments:

Tuesday, November 30, 2010

Round Trip and Packet Loss stats with rrdtool


To get some nice graphs showing your round trip time and your packet loss, like the following image, follow the steps below:
What you need before you start: rrdtool and a cron server (vixie-cron is fine).
a) Execute the following

/usr/bin/rrdtool create /var/rrds/ping/ping_wan.rrd \
--step 300 \
DS:pl:GAUGE:600:0:100 \
DS:rtt:GAUGE:600:0:10000000 \
RRA:AVERAGE:0.5:1:800 \
RRA:AVERAGE:0.5:6:800 \
RRA:AVERAGE:0.5:24:800 \
RRA:AVERAGE:0.5:288:800 \
RRA:MAX:0.5:1:800 \
RRA:MAX:0.5:6:800 \
RRA:MAX:0.5:24:800 \
RRA:MAX:0.5:288:800
You can change /var/rrds/ping/ping_wan.rrd to the path/file.rrd you wish.
b) Save the following to the file ping.sh

#!/bin/bash
PING=/bin/ping
COUNT=4
DEADLINE=10
ping_host() {
local output=$($PING -q -n -c $COUNT -w $DEADLINE $1 2>&1)
# notice $output is quoted to preserve newlines
local temp=$(echo "$output"| awk '
BEGIN {pl=100; rtt=0.1}
/packets transmitted/ {
match($0, /([0-9]+)% packet loss/, matchstr)
pl=matchstr[1]
}
/^rtt/ {
# looking for something like 0.562/0.566/0.571/0.024
match($4, /(.*)\/(.*)\/(.*)\/(.*)/, a)
rtt=a[2]
}
/unknown host/ {
# no output at all means network is probably down
pl=100
rtt=0.1
}
END {print pl ":" rtt}
')
RETURN_VALUE=$temp
}
# ping a host on the local lan
ping_host www.ntua.gr
/usr/bin/rrdtool update \
/var/rrds/ping/ping_wan.rrd \
--template \
pl:rtt \
N:$RETURN_VALUE
ping.sh.gz
Change the ping_host www.ntua.gr to the one of your choice. Make the script executable, chmod +x ping.sh.
If you have changed the /var/rrds/ping/ping_wan.rrd on step (a) you have to change it here too.
c) Save the following to ping-graph.sh and make it executable.

#!/bin/sh
cd /var/rrds/ping/
echo "
<HTML>
<HEAD><TITLE>Round-Trip and Packet Loss Stats</TITLE></HEAD>
<BODY>
<H3>Hourly Round-Trip & Packetloss Stats(1min average)</H3>
" > index.html
rrdtool graph ping_wan_hour.png -h 225 -w 600 -a PNG \
--imginfo '<IMG SRC=/stats/%s WIDTH=%lu HEIGHT=%lu >' \
--start -3600 --end -60 --x-grid MINUTE:10:HOUR:1:MINUTE:30:0:%R \
-v "Round-Trip Time (ms)" \
--rigid \
--lower-limit 0 \
DEF:roundtrip=ping_wan.rrd:rtt:AVERAGE \
DEF:packetloss=ping_wan.rrd:pl:AVERAGE \
CDEF:PLNone=packetloss,0,2,LIMIT,UN,UNKN,INF,IF \
CDEF:PL2=packetloss,2,8,LIMIT,UN,UNKN,INF,IF \
CDEF:PL15=packetloss,8,15,LIMIT,UN,UNKN,INF,IF \
CDEF:PL25=packetloss,15,25,LIMIT,UN,UNKN,INF,IF \
CDEF:PL50=packetloss,25,50,LIMIT,UN,UNKN,INF,IF \
CDEF:PL75=packetloss,50,75,LIMIT,UN,UNKN,INF,IF \
CDEF:PL100=packetloss,75,100,LIMIT,UN,UNKN,INF,IF \
AREA:roundtrip#4444ff:"Round Trip Time (millis)" \
GPRINT:roundtrip:LAST:"Cur\: %5.2lf" \
GPRINT:roundtrip:AVERAGE:"Avg\: %5.2lf" \
GPRINT:roundtrip:MAX:"Max\: %5.2lf" \
GPRINT:roundtrip:MIN:"Min\: %5.2lf\n" \
AREA:PLNone#6c9bcd:"0-2%":STACK \
AREA:PL2#00ffae:"2-8%":STACK \
AREA:PL15#ccff00:"8-15%":STACK \
AREA:PL25#ffff00:"15-25%":STACK \
AREA:PL50#ffcc66:"25-50%":STACK \
AREA:PL75#ff9900:"50-75%":STACK \
AREA:PL100#ff0000:"75-100%":STACK \
COMMENT:"(Packet Loss Percentage)"
echo "
<img src="ping_wan_hour.png"><br>
<br>
<H3>Daily Round-Trip & Packetloss Stats(1min average)</H3>
" >> index.html
rrdtool graph ping_wan_day.png -h 225 -w 600 -a PNG \
--imginfo '<IMG SRC=/stats/%s WIDTH=%lu HEIGHT=%lu >' \
--lazy --start -86400 --end -60 --x-grid MINUTE:30:HOUR:1:HOUR:2:0:%H \
-v "Round-Trip Time (ms)" \
--rigid \
--lower-limit 0 \
DEF:roundtrip=ping_wan.rrd:rtt:AVERAGE \
DEF:packetloss=ping_wan.rrd:pl:AVERAGE \
CDEF:PLNone=packetloss,0,2,LIMIT,UN,UNKN,INF,IF \
CDEF:PL2=packetloss,2,8,LIMIT,UN,UNKN,INF,IF \
CDEF:PL15=packetloss,8,15,LIMIT,UN,UNKN,INF,IF \
CDEF:PL25=packetloss,15,25,LIMIT,UN,UNKN,INF,IF \
CDEF:PL50=packetloss,25,50,LIMIT,UN,UNKN,INF,IF \
CDEF:PL75=packetloss,50,75,LIMIT,UN,UNKN,INF,IF \
CDEF:PL100=packetloss,75,100,LIMIT,UN,UNKN,INF,IF \
AREA:roundtrip#4444ff:"Round Trip Time (millis)" \
GPRINT:roundtrip:LAST:"Cur\: %5.2lf" \
GPRINT:roundtrip:AVERAGE:"Avg\: %5.2lf" \
GPRINT:roundtrip:MAX:"Max\: %5.2lf" \
GPRINT:roundtrip:MIN:"Min\: %5.2lf\n" \
AREA:PLNone#6c9bcd:"0-2%":STACK \
AREA:PL2#00ffae:"2-8%":STACK \
AREA:PL15#ccff00:"8-15%":STACK \
AREA:PL25#ffff00:"15-25%":STACK \
AREA:PL50#ffcc66:"25-50%":STACK \
AREA:PL75#ff9900:"50-75%":STACK \
AREA:PL100#ff0000:"75-100%":STACK \
COMMENT:"(Packet Loss Percentage)"
echo "
<img src="ping_wan_day.png"><br>
<br>
<H3>Weekly Round-Trip & Packetloss Stats(1min average)</H3>
" >> index.html
rrdtool graph ping_wan_week.png -h 225 -w 600 -a PNG \
--imginfo '<IMG SRC=/stats/%s WIDTH=%lu HEIGHT=%lu >' \
--lazy --start -604800 --end -1800 \
-v "Round-Trip Time (ms)" \
--rigid \
--lower-limit 0 \
DEF:roundtrip=ping_wan.rrd:rtt:AVERAGE \
DEF:packetloss=ping_wan.rrd:pl:AVERAGE \
CDEF:PLNone=packetloss,0,2,LIMIT,UN,UNKN,INF,IF \
CDEF:PL2=packetloss,2,8,LIMIT,UN,UNKN,INF,IF \
CDEF:PL15=packetloss,8,15,LIMIT,UN,UNKN,INF,IF \
CDEF:PL25=packetloss,15,25,LIMIT,UN,UNKN,INF,IF \
CDEF:PL50=packetloss,25,50,LIMIT,UN,UNKN,INF,IF \
CDEF:PL75=packetloss,50,75,LIMIT,UN,UNKN,INF,IF \
CDEF:PL100=packetloss,75,100,LIMIT,UN,UNKN,INF,IF \
AREA:roundtrip#4444ff:"Round Trip Time (millis)" \
GPRINT:roundtrip:LAST:"Cur\: %5.2lf" \
GPRINT:roundtrip:AVERAGE:"Avg\: %5.2lf" \
GPRINT:roundtrip:MAX:"Max\: %5.2lf" \
GPRINT:roundtrip:MIN:"Min\: %5.2lf\n" \
AREA:PLNone#6c9bcd:"0-2%":STACK \
AREA:PL2#00ffae:"2-8%":STACK \
AREA:PL15#ccff00:"8-15%":STACK \
AREA:PL25#ffff00:"15-25%":STACK \
AREA:PL50#ffcc66:"25-50%":STACK \
AREA:PL75#ff9900:"50-75%":STACK \
AREA:PL100#ff0000:"75-100%":STACK \
COMMENT:"(Packet Loss Percentage)"
echo "
<img src="ping_wan_week.png"><br>
<br>
<H3>Monthly Round-Trip & Packetloss Stats(1min average)</H3>
" >> index.html
rrdtool graph ping_wan_month.png -h 225 -w 600 -a PNG \
--imginfo '<IMG SRC=/stats/%s WIDTH=%lu HEIGHT=%lu >' \
--lazy --start -2592000 --end -7200 \
-v "Round-Trip Time (ms)" \
--rigid \
--lower-limit 0 \
DEF:roundtrip=ping_wan.rrd:rtt:AVERAGE \
DEF:packetloss=ping_wan.rrd:pl:AVERAGE \
CDEF:PLNone=packetloss,0,2,LIMIT,UN,UNKN,INF,IF \
CDEF:PL2=packetloss,2,8,LIMIT,UN,UNKN,INF,IF \
CDEF:PL15=packetloss,8,15,LIMIT,UN,UNKN,INF,IF \
CDEF:PL25=packetloss,15,25,LIMIT,UN,UNKN,INF,IF \
CDEF:PL50=packetloss,25,50,LIMIT,UN,UNKN,INF,IF \
CDEF:PL75=packetloss,50,75,LIMIT,UN,UNKN,INF,IF \
CDEF:PL100=packetloss,75,100,LIMIT,UN,UNKN,INF,IF \
AREA:roundtrip#4444ff:"Round Trip Time (millis)" \
GPRINT:roundtrip:LAST:"Cur\: %5.2lf" \
GPRINT:roundtrip:AVERAGE:"Avg\: %5.2lf" \
GPRINT:roundtrip:MAX:"Max\: %5.2lf" \
GPRINT:roundtrip:MIN:"Min\: %5.2lf\n" \
AREA:PLNone#6c9bcd:"0-2%":STACK \
AREA:PL2#00ffae:"2-8%":STACK \
AREA:PL15#ccff00:"8-15%":STACK \
AREA:PL25#ffff00:"15-25%":STACK \
AREA:PL50#ffcc66:"25-50%":STACK \
AREA:PL75#ff9900:"50-75%":STACK \
AREA:PL100#ff0000:"75-100%":STACK \
COMMENT:"(Packet Loss Percentage)"
echo "
<img src="ping_wan_month.png"><br>
<br>
<H3>Yearly Round-Trip & Packetloss Stats(1min average)</H3>
" >> index.html
rrdtool graph ping_wan_year.png \
--imginfo '<IMG SRC=/stats/%s WIDTH=%lu HEIGHT=%lu >' \
--lazy --start -31536000 --end -86400 -h 225 -w 600 -a PNG \
-v "Round-Trip Time (ms)" \
--rigid \
--lower-limit 0 \
DEF:roundtrip=ping_wan.rrd:rtt:AVERAGE \
DEF:packetloss=ping_wan.rrd:pl:AVERAGE \
CDEF:PLNone=packetloss,0,2,LIMIT,UN,UNKN,INF,IF \
CDEF:PL2=packetloss,2,8,LIMIT,UN,UNKN,INF,IF \
CDEF:PL15=packetloss,8,15,LIMIT,UN,UNKN,INF,IF \
CDEF:PL25=packetloss,15,25,LIMIT,UN,UNKN,INF,IF \
CDEF:PL50=packetloss,25,50,LIMIT,UN,UNKN,INF,IF \
CDEF:PL75=packetloss,50,75,LIMIT,UN,UNKN,INF,IF \
CDEF:PL100=packetloss,75,100,LIMIT,UN,UNKN,INF,IF \
AREA:roundtrip#4444ff:"Round Trip Time (millis)" \
GPRINT:roundtrip:LAST:"Cur\: %5.2lf" \
GPRINT:roundtrip:AVERAGE:"Avg\: %5.2lf" \
GPRINT:roundtrip:MAX:"Max\: %5.2lf" \
GPRINT:roundtrip:MIN:"Min\: %5.2lf\n" \
AREA:PLNone#6c9bcd:"0-2%":STACK \
AREA:PL2#00ffae:"2-8%":STACK \
AREA:PL15#ccff00:"8-15%":STACK \
AREA:PL25#ffff00:"15-25%":STACK \
AREA:PL50#ffcc66:"25-50%":STACK \
AREA:PL75#ff9900:"50-75%":STACK \
AREA:PL100#ff0000:"75-100%":STACK \
COMMENT:"(Packet Loss Percentage)"
echo "
<img src="ping_wan_year.png"><br>
<br>
</BODY>
</HTML>
" >> index.html
If you have changed /var/rrds/ping on step (a) you need to change it here in the beggining of the script too.
The above script creates a very simple index.html file inside /var/rrds/ping (unless you’ve changed it) with 5 graphs: hourly, daily, weekly, monthly and yearly
d) Add the following entries to your crontab:

*/5 * * * * /etc/mrtg/ping.sh
1,6,11,16,21,26,31,36,41,46,51,56 * * * * /path/to/ping-graph.sh
For better accuracy, you can change “–step 300″ to “–step 60″ in the rrd database creation script and then change the crontab entry for ping.sh from:
*/5 * * * * /etc/mrtg/ping.sh
to
* * * * * /etc/mrtg/ping.sh
Original ping script and rrd config for the graphs from http://haroon.sis.utoronto.ca/rrd/scripts/
Enjoy your graphs.



Posted by at No comments:

How to disconnect JUNOS TTY sessions with a TTY ID of "qX"

SUMMARY:
How to forcibly disconnect TTY sessions in JUNOS which got a TTY ID starting with either a q or an r or any following letter in the alphabet.
PROBLEM OR GOAL:
More than 32 TTY simultaneous sessions are opened to a router running a JUNOS version prior to 8.2.
As a result all the sessions beyond the 32nd simultaneous session the TTY session ID will start with q .
The CLI command  request system logout terminal X  does not work for the TTY sessions whose ID begin with aq or an r  , and the session is not terminated.


Below there is an example:
  • On the router there are many concurrent TTY sessions:  
    • operator@router> show system users no-resolve
11:24AM  up 10 mins, 40 users, load averages: 0.11, 0.10, 0.06
USER     TTY      FROM                              LOGIN@  IDLE WHAT
operator  p0       172.26.24.43                     11:20AM     - -cli (cli)
operator  p1       172.26.24.43                     11:22AM     2 -cli (cli)
[...]
operator  pv       172.26.24.43                     11:24AM     - -cli (cli)
operator  q0       172.26.24.43                     11:24AM     - -cli (cli)
operator  q1       172.26.24.43                     11:24AM     - -cli (cli)
[...] 
     
  • Focusing on the first session starting with q (e.g. q0)
    operator@router> show system users no-resolve | match q0
operator  q0       172.26.24.43                     11:24AM     - -cli (cli)
      
  • We try to close this session by using the following command: 
    operator@router> request system logout terminal q0
     
  • But the TTY session is still connected:
    operator@router> show system users no-resolve | match q0
operator  q0       172.26.24.43                     11:24AM     - -cli (cli)
     
  • A different (expected) result can be observed, when trying to disconnect a TTY session with TTY ID lower than qX, i.e.p1
    operator@router> show system users no-resolve | match p1
operator  p1       172.26.24.43                     11:22AM     7 -cli (cli)
    operator@router> request system logout terminal p1

operator@router> show system users no-resolve | match p1

operator@router> 
    The TTY session p1 has been disconnected as expected.
SOLUTION:
Use the PID of a certain TTY session to disconnect it, as shown in the example below:

  • Check which PID the TTY session q0 has: 
    operator@router> show system processes |match q0
    3603  ??  Is     0:00.01 mgd: (mgd) (operator)/dev/ttyq0 (mgd)     
  • Then specify the PID of q0 in the CLI command request system logout terminal
    operator@router> request system logout terminal q0 pid 3603 
  • Verify, that the TTY session has been closed:
    operator@router> show system users no-resolve | match q0 

    operator@router>


Note: This issue has been tracked via PR/80848.

PURPOSE:
Troubleshooting
RELATED LINKS: 
LINK TITLE:

  • JUNOS Problem Report PR/80848: [CLI] tty sessions not forcibly logged out if have ID "qXX" or "rXX"

    • LINK URL:  How to disconnect JUNOS TTY sessions with a TTY ID of "qX"
    Posted by at No comments:
    Subscribe to: Posts (Atom)