Logging Exploration
Brad Knowles
brad.knowles at skynet.be
Tue Mar 27 10:01:27 UTC 2001
At 4:57 PM -0500 3/27/01, Thomas Duterme wrote:

> I'm very curious to hear what the other, more experienced DNS admins
> use logging for and how they monitor these logs. (periodic manual
> scans, cronjob scripts, etc.)

Some people use tools like "lamers" or "dnsstats" (see
<http://www.shub-internet.org/brad/dns/>) via daily cron jobs to
monitor their log files.

In the case of "lamers", monitoring whose nameservers appear to
be "lame delegations" is a good way to keep an eye on which
nameservers in the world are screwed up.

This way, when someone comes to you with a problem getting mail
to their domain (or whatever), you're more likely to already know
about the domain in question, and you can immediately answer
off-the-cuff "Yeah, they've got a lame delegation on server X.Y.Z,
but odds are they've probably also got other problems, too...."

If you start looking into these problems in more detail (using
tools like "doc", "dnswalk", "nslint", etc...) against the zones that
show up in a tool like "lamers", you'll start learning more about how
the DNS works, etc....

In the case of "dnsstats", you can get a very good idea where
your queries are coming from, which machines are placing what load on
your servers, and this can help you do proper capacity planning,
etc.... This can also help you determine when a machine might be
misconfigured, because you see it doing the same queries over, and
over, and over again and all within a very short period of time.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
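
The repeated-query symptom described in the post above (one machine asking the same question over and over within a short time), as an added example that is not part of the original post and is not the "dnsstats" tool. It assumes syslog lines in a BIND 9 style query-log shape and lines in chronological order; the function name, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (BIND 9 style query log via syslog); adjust for your server.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def repeated_queries(lines, threshold=5, window=timedelta(seconds=10), year=2001):
    """Return {(client, qname, qtype): peak count} for every key that reaches
    `threshold` identical queries inside any span of length `window`."""
    recent = defaultdict(deque)    # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # not a query line, skip it
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["name"].lower().rstrip("."), m["type"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample: one client repeats the same MX query six times in six
# seconds; another asks for an A record twice, five minutes apart.
SAMPLE = [
    f"Mar 27 10:01:{s:02d} ns1 named[412]: client 192.0.2.77#{1040 + s}: "
    "query: mail.example.net IN MX"
    for s in range(6)
] + [
    "Mar 27 10:01:06 ns1 named[412]: client 192.0.2.10#1031: query: www.example.com IN A",
    "Mar 27 10:06:03 ns1 named[412]: client 192.0.2.10#1032: query: www.example.com IN A",
    "Mar 27 10:06:04 ns1 named[412]: zone example.com/IN: loaded serial 2001032701",
]

if __name__ == "__main__":
    for (ip, name, qtype), n in repeated_queries(SAMPLE).items():
        print(f"{ip} asked for {name} {qtype} {n} times within 10s")
```

Run from a daily cron job over the previous day's log, this gives a short list of clients worth checking for a broken resolver configuration or a looping application.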