Bind stats - denied queries?
Karl Pielorz
kpielorz_lst at tdx.co.uk
Tue Dec 1 16:25:16 UTC 2020
--On 1 December 2020 at 10:14:50 -0600 Chuck Aurora <ca at nodns4.us> wrote:
> On 2020-12-01 04:43, Karl Pielorz wrote:
>> So, as the original person that posted the question :)
>>
>> My question still stands (I'd never presumed this was valid traffic) -
>> what I'm trying to find out if buried within the trove of stats
>> produced by 'rndc stats' is there any counter, that counts:
>>
>> "
>> Nov 30 00:00:00 client @0xXXXXX X.X.X.X#48536 (.): query (cache)
>> './ANY/IN' denied
>> "
>
> I think you are asking the wrong question and looking at the wrong
> feature. You can probably do what you're after with
> statistics-channels.
>
> https://ftp.isc.org/isc/bind9/cur/9.16/doc/arm/html/reference.html#statis
> tics-channels-statement-grammar
Thanks - I'll go check that out - it looks far better / correct than
parsing the stats file.
As for the wrong question - I don't get why it's 'wrong' to ask if there's
a better way of getting the total number of "denied" entries such as the
one above, rather than 'cat /var/log/messages | grep | wc -l' type affair ?
- Unless 'denied' effectively appears as some other stat already?
At this stage we're trying to work out how much traffic is getting denied
(as it's likely junk) vs. regular responses etc.
-Karl
More information about the bind-users
mailing list