
Dns statistics

Hi,

Is it easy to obtain statistics from the DNS primary / secondary (queries accepted / denied / error ...)?

Best regards



Geoff Wild
Honored Contributor
Solution

Re: Dns statistics

There is a tool on this page:

http://ntg.depaul.edu/rd/software/

called named-report v1.3

Something else I use - dnstop

http://dnstop.measurement-factory.com/

Rgds..Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Geoff Wild
Honored Contributor

Re: Dns statistics

BTW - here's an example output of the:

# named-report.pl /var/named/named.log
WARNING: unknown log messages detected, enable DEBUG to view.

-----------------------------------
ISC BIND named log summary report
-----------------------------------
Total log messages: 373
Total server status messages: 4
Total server config loads: 2
Total IPv6 interfaces not found: 2
Total lame server reports: 338
Total other (unknown) messages: 31

Top 10 server config loads
Count File
2 /etc/named.conf

Top 10 lame zones
Count Zone
48 218.210.in-addr.arpa
32 5.151.17.66.in-addr.arpa
32 170.224.195.in-addr.arpa
32 244.245.207.in-addr.arpa
16 107.17.61.in-addr.arpa
16 224.80.194.in-addr.arpa
16 136.182.65.in-addr.arpa
16 99.193.66.in-addr.arpa
16 166.59.216.in-addr.arpa
16 n-01.net

Top 10 lame servers
Count Server
16 207.181.89.2 ns1.business.allstream.net
16 216.98.138.14 ns2.unitedworldinternet.net
16 207.181.89.3 ns2.business.allstream.net
16 216.98.155.9 ns1.unitedworldinternet.net
9 134.75.30.1 ns.kreonet.re.kr
8 211.47.45.22 kr2nd.hitel.net
8 24.139.0.13 curly.personainc.net
8 193.194.64.11 decst.cerist.dz
8 66.162.134.132 ns1.networkeleven.net
8 218.104.95.238 dns-zhongnan.jsnj.cncnet.net

Top 10 lame records
Count Record
48 28.147.218.210.in-addr.arpa
32 5.151.17.66.in-addr.arpa
32 2.170.224.195.in-addr.arpa
16 37.80.104.218.in-addr.arpa
16 1.99.193.66.in-addr.arpa
16 100.244.245.207.in-addr.arpa
16 70.136.182.65.in-addr.arpa
16 h69-10-135-153.n-01.net
16 105.47.103.66.in-addr.arpa
16 36.107.17.61.in-addr.arpa

Top 10 lame server/zone tuples
Count Server [(name)] / Zone
16 216.98.138.14 (ns2.unitedworldinternet.net) / 5.151.17.66.in-addr.arpa
16 207.181.89.2 (ns1.business.allstream.net) / 244.245.207.in-addr.arpa
16 207.181.89.3 (ns2.business.allstream.net) / 244.245.207.in-addr.arpa
16 216.98.155.9 (ns1.unitedworldinternet.net) / 5.151.17.66.in-addr.arpa
8 211.47.45.22 (kr2nd.hitel.net) / 218.210.in-addr.arpa
8 134.75.30.1 (ns.kreonet.re.kr) / 218.210.in-addr.arpa
8 195.224.255.6 (auth2.dns.gxn.net) / 170.224.195.in-addr.arpa
8 209.148.64.42 (cns2.look.ca) / n-01.net
8 211.216.50.130 (kr2nd.kornet.net) / 218.210.in-addr.arpa
8 216.59.133.65 (ns2.gus.net) / 166.59.216.in-addr.arpa

Top 10 categories of log messages
Count Category
338 lame-servers
31 general
2 network
2 config

Top 10 severities of log messages
Count Severity
371 info
2 error

Hourly log summary
Hour Logs (count/percent)
0 (0/0.00%)
1 (0/0.00%)
2 (0/0.00%)
3 (0/0.00%)
4 (0/0.00%)
5 (0/0.00%)
6 ################(120/32.17%)
7 ###############################(229/61.39%)
8 ###(24/6.43%)
9 (0/0.00%)
10 (0/0.00%)
11 (0/0.00%)
12 (0/0.00%)
13 (0/0.00%)
14 (0/0.00%)
15 (0/0.00%)
16 (0/0.00%)
17 (0/0.00%)
18 (0/0.00%)
19 (0/0.00%)
20 (0/0.00%)
21 (0/0.00%)
22 (0/0.00%)
23 (0/0.00%)

Re: Dns statistics

Hi Geoff,

How do I generate the log file /var/named/named.log?

By modifying /etc/named.conf to log activity?

or

By adding an option to named and stopping/starting named?

Best regards
Geoff Wild
Honored Contributor

Re: Dns statistics

Add this to /etc/named.conf after your options section. For testing, I'm logging queries - but as you see you set it to null:

logging {
    channel all_channel {
        file "/var/named/named.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category queries { all_channel; };
    // category queries { null; };
    category update { all_channel; };
    category security { all_channel; };
    category default { all_channel; };
};


Then rndc reload

Make sure /var/named exists and named id can write to it.

Rgds...Geoff

Re: Dns statistics

Hi Geoff,

I've modified /etc/named.conf
kill -1 named_PID

So, the log grew...

When I run named.report the following messages appear:

WARNING: unknown log messages detected, enable DEBUG to view.

-----------------------------------
ISC BIND named log summary report
-----------------------------------
Total log messages: 35
Total other (unknown) messages: 35

All the log messages are ignored, so I think my log file doesn't have the right format?

10-Feb-2004 11:01:48.302 default: info: Forwarding source address is [0.0.0.0].63842
10-Feb-2004 11:01:48.312 default: notice: Ready to answer queries.
10-Feb-2004 11:01:55.742 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:01:59.770 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:02:02.813 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021001)
10-Feb-2004 11:02:05.703 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:02:07.780 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:02:13.166 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:02:13.215 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:02:17.775 load: info: slave zone "xxx.xxx.xxx.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:05:00.786 queries: info: XX /xxx.xxx.xxx.xxx/COMPAGNY_cadm.diamond.COMPAGNY.com/A
10-Feb-2004 11:05:36.933 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:05:38.439 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:05:39.933 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:05:54.299 queries: info: XX /xxx.xxx.xxx.xxx/Y4W6B1.Diamond.COMPAGNY.com/A
10-Feb-2004 11:06:07.904 queries: info: XX /xxx.xxx.xxx.xxx/NTDOMAIN.Diamond.COMPAGNY.com/A
10-Feb-2004 11:08:12.152 queries: info: XX /xxx.xxx.xxx.xxx/C.E/A
10-Feb-2004 11:11:35.685 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:11:37.185 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:11:38.685 queries: info: XX /xxx.xxx.xxx.xxx/PORTABLE.diamond.COMPAGNY.com/A
10-Feb-2004 11:12:14.273 queries: info: XX /xxx.xxx.xxx.xxx/TS.GATOR.COM/A
10-Feb-2004 11:13:12.114 queries: info: XX /xxx.xxx.xxx.xxx/C.E/A
10-Feb-2004 11:15:19.761 queries: info: XX /xxx.xxx.xxx.xxx/TS.GATOR.COM/A
10-Feb-2004 11:20:08.545 queries: info: XX /xxx.xxx.xxx.xxx/www.CITY.sc.COMPAGNY.com/A
10-Feb-2004 11:20:08.545 default: info: sysquery: findns error (SERVFAIL) on ns0.COMPAGNY.com?
10-Feb-2004 11:20:08.546 default: info: sysquery: findns error (SERVFAIL) on ns1.COMPAGNY.com?

Does my log file look OK?

Best regards.
Geoff Wild
Honored Contributor

Re: Dns statistics

What version of Bind are you running?

Rgds...Geoff

Re: Dns statistics

Hi Geoff,

what /usr/sbin/named
/usr/sbin/named:
Copyright (c) 1986, 1989, 1990 The Regents of the University of California.
named 8.1.2 Fri Nov 21 05:54:28 GMT 2003 PHNE_30068

Regards.
Geoff Wild
Honored Contributor

Re: Dns statistics

Ahh - that's why - the named-report-1.3 only works with Bind 9....

Rgds...Geoff

Re: Dns statistics

Hi Geoff,

OK, but I don't know when they want to update BIND.

That's a pity ...

Is it complicated to update BIND to version 9.x?

Regards.
Geoff Wild
Honored Contributor

Re: Dns statistics

Updating - that depends....

For example, for the site I look after, only change I need to do is add $TTL to our zone files. (I also run my own bind 9.2.3 server on Linux).

Check out the BIND 9 Administrator Reference Manual:

http://www.nominum.com/content/documents/bind9arm.pdf

I've also attached the migration notes.

Why Bind 9.2.X?

BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. The Internet Software Consortium strongly recommends that you upgrade to BIND 9.2. This will avoid having to upgrade later, as BIND 8 is no longer being developed and it is only a matter of time before it, like its predecessor BIND 4, will no longer be supported.

Some of the important features of BIND 9 are:

Features

DNS Security
    DNSSEC (signed zones)
    TSIG (signed DNS requests)
IP version 6
    Answers DNS queries on IPv6 sockets
    IPv6 resource records (A6, DNAME, etc.)
    Bitstring Labels
    Experimental IPv6 Resolver Library
DNS Protocol Enhancements
    IXFR, DDNS, Notify, EDNS0
    Improved standards conformance
Views
    One server process can provide multiple "views" of the DNS namespace, e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support
Improved Portability Architecture

Differences between Bind 9 and 8

BIND 8 is single-threaded, and does not answer queries during the start-up process. BIND 9 is natively multi-threaded, and doesn't have this problem.
Because BIND 8 is single-threaded, it cannot take advantage of multiple CPUs in a server. Because BIND 9 is natively multi-threaded, it can take advantage of multiple CPUs.
BIND 8 handles zone transfers through an external program, which may cause significant fork()/exec() overhead if used on the master. BIND 9 handles zone transfers internally, and does not have this problem.
BIND 8 only partially supports some of the security and IPv6 related extensions, while BIND 9 is the reference implementation for these features.
BIND 8 is the last in a long line of hacks on top of hacks on top of hacks, whereas BIND 9 is a complete ground-up rewrite, using new programming methods that try to help ensure that the kind of security bugs you could have with the old version simply are not possible any more.




One last thing - you may get some basic stats with the ndc command on bind 8:

# ndc stats

Rgds...Geoff

Re: Dns statistics

Hi Geoff,

I didn't find ndc command on my HP
system ...

Best regards.
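
named-report 1.3 does not parse the BIND 8 log lines posted earlier in the thread, so the following is an added example (not from any poster and not part of named-report): a small Python summarizer for that layout, counting categories, severities, hours, clients and queried names. The regexes assume the `date time category: severity: message` and `XX /client/name/type` shapes seen in the posted excerpt; the sample log, function name and addresses are constructed for illustration.

```python
import re
from collections import Counter
# Layout taken from the BIND 8 excerpt posted in the thread:
#   DD-Mon-YYYY HH:MM:SS.mmm category: severity: message
LINE_RE = re.compile(
    r"^\d{2}-[A-Za-z]{3}-\d{4} (?P<hour>\d{2}):\d{2}:\d{2}\.\d{3} "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$")
# Query message as posted: "XX /client/qname/qtype"
QUERY_RE = re.compile(r"^XX[^/]*/(?P<client>[^/]+)/(?P<qname>[^/]*)/(?P<qtype>[\w-]+)$")

# Constructed sample in the same layout (documentation addresses and names).
SAMPLE_LOG = """\
10-Feb-2004 11:01:48.312 default: notice: Ready to answer queries.
10-Feb-2004 11:01:55.742 load: info: slave zone "2.0.192.in-addr.arpa" (IN) loaded (serial 2004021000)
10-Feb-2004 11:05:00.786 queries: info: XX /192.0.2.10/host1.example.com/A
10-Feb-2004 11:05:36.933 queries: info: XX /192.0.2.11/PORTABLE.example.com/A
10-Feb-2004 11:05:38.439 queries: info: XX /192.0.2.11/portable.example.com/A
10-Feb-2004 12:20:08.545 queries: info: XX /192.0.2.10/www.example.com/A
10-Feb-2004 12:20:08.545 default: info: sysquery: findns error (SERVFAIL) on ns0.example.com?
truncated line without a timestamp
"""

def summarize(text):
    """Tally categories, severities, hours and query fields of a named log."""
    keys = ("category", "severity", "hour", "client", "qname", "qtype")
    stats = {k: Counter() for k in keys}
    stats["unparsed"] = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            stats["unparsed"] += 1  # counted, never silently dropped
            continue
        stats["category"][m["category"]] += 1
        stats["severity"][m["severity"]] += 1
        stats["hour"][int(m["hour"])] += 1
        if m["category"] != "queries":
            continue
        q = QUERY_RE.match(m["msg"])
        if q is None:
            stats["unparsed"] += 1
            continue
        stats["client"][q["client"]] += 1
        stats["qname"][q["qname"].lower().rstrip(".")] += 1  # names are case-insensitive
        stats["qtype"][q["qtype"]] += 1
    return stats

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value if key == "unparsed" else value.most_common(10))
```

A rising `unparsed` count means the log layout differs from the excerpt and the patterns need adjusting before the totals can be trusted.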