Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Emergency help - weird httpd problems
Posted: Mon May 21, 2012 6:50 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1845
Can anybody give me suggestions please? I'm totally confused by a mysterious problem that suddenly happened out of the blue. Or almost.

I had changed some of the mod_evasive settings as I was getting too many false positives. About 3 hours later one of my monitoring systems alerted me to httpd being down. I checked from where I was and pages loaded slooooowly. Reboot didn't help. Restoring mod_evasive settings to default didn't help.

I went to the office to check from there -- sites load perfectly. Second monitoring system I subscribe to says no problem. But not from home and not from other locations (two different ISPs) -- still slow or non-responsive.

No errors in httpd log. No strange entries in asl log. No high load. No high memory. No problem that I can find. Not a routing problem as this is a VPS and its sisters on the same node are fine from the locations that give problems for this VPS - no problems with them.

Why it works fine from the office is mysterious. Plenty of normal entries in asl log, so something is getting through.

I don't know what's wrong. This is the strangest thing that has ever happened. Taking the firewall down doesn't help. Problem persists.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


 Post subject: Re: Emergency help - weird httpd problems
Posted: Mon May 21, 2012 7:57 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3243
Location: Chantilly, VA
First guess, DNS. No load and no memory issues, but "slow" responses from Apache are usually a DNS issue.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: Emergency help - weird httpd problems
Posted: Mon May 21, 2012 8:09 pm
Long Time Forum Regular
Well, I've opened a case pleading for help.

I think I've narrowed it down to mod_sec.

If I remove my office IP from the whitelist, I get slow sites just like from elsewhere.

If I disable mod_sec on a site, that site loads fine from elsewhere (was slow).

What the heck have I accidentally done? Where do I look now? I need to sleep but I can't until I've sorted this out :-(

 
 Post subject: Re: Emergency help - weird httpd problems
Posted: Mon May 21, 2012 8:17 pm
Long Time Forum Regular
Bleep!
It started working again. I think I've found the problem.....

 
 Post subject: Re: Emergency help - weird httpd problems
Posted: Mon May 21, 2012 9:28 pm
Long Time Forum Regular
Sigh. Well I found the cause, but not the problem.

I run two rbldns servers - a primary and secondary, with mod_sec doing a lookup on them. Disabling this custom mod_sec rule caused all problems to go away instantly.

What I don't understand is why two other VPSes, which do exactly the same thing, continue happily with no problems. Worse still, I can do a "dig" A-record or TXT lookup on the affected VPS and I get an answer instantly. Restarting rbldnsd (on both other machines), the machines themselves, individual VPSes, anything -- makes no difference.

The same pair of rbldnsds also provides answers for one of my email blacklists, and as far as I can tell there's no issue with SMTP - no timeouts, no long delays.

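An added example, not part of the original thread and not the poster's or Atomicorp's code: one way to time an RBL lookup per client IP through the host's libc resolver instead of with dig, since the two do not necessarily take the same resolution path. The zone name, the sample addresses and all function names are assumptions made for illustration, and it goes beyond the post by surveying a list of client addresses.

```python
import ipaddress
import socket
import time

def rbl_query_name(client_ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def timed_lookup(name, resolve=socket.gethostbyname, clock=time.monotonic):
    """Resolve through the libc resolver and return (answer, seconds)."""
    start = clock()
    try:
        answer = resolve(name)      # listed: an A record such as 127.0.0.2
    except OSError:                 # gaierror: not listed, or resolver failure
        answer = None
    return answer, clock() - start

def survey(client_ips, zone, slow_after=0.5, **resolver):
    """Time one lookup per client IP; flag any taking slow_after s or more."""
    rows = []
    for ip in client_ips:
        name = rbl_query_name(ip, zone)
        answer, secs = timed_lookup(name, **resolver)
        rows.append({"ip": ip, "name": name, "answer": answer,
                     "secs": secs, "slow": secs >= slow_after})
    return rows

if __name__ == "__main__":
    # Constructed inputs: a placeholder zone and documentation-range addresses.
    zone = "rbl.example.invalid"
    for row in survey(["192.0.2.10", "198.51.100.7"], zone):
        flag = "SLOW" if row["slow"] else "ok"
        print(f'{row["name"]:<45} {row["answer"]!s:<12} {row["secs"]:.3f}s {flag}')
```

Run it on the affected host with the real zone in place of the placeholder and compare the timings with what dig reports.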
 