Unknown Query types
Jim Reid
jim at rfc1035.com
Tue Jan 11 22:58:17 UTC 2000
>>>>> "Robert" == Robert Annandale <snarfle99 at hotmail.com> writes:
Robert> I was presented with the following output in
Robert> /usr/lib/named/named.stats. 'Unknown query types' was
Robert> alarmingly high in ratio to 'time since boot'
Robert> I could not find anything within the FAQ's, but my book
Robert> did suggest someone may be experimenting with new types or
Robert> there was perhaps defective implementation somewhere...
The queries are coming from a defective implementation. If you enable
query logging on your name server, you will find out the IP
address(es) of the hosts that are sending these broken queries.
If you look at the code in ns_stats.c, you'll see that the name server
keeps a count of each query type it receives. This is what gets
prettily printed in the stats dump file. Queries sent with a type code
of zero are listed as 'Unknown query types'. IIRC, 0 is not defined as
a valid query type so nothing should be sending DNS queries with the
QTYPE field set to zero. So some idiot software is asking your name
server for something that can't be proper query type: ie it's not an
A, MX, SOA, PTR, CNAME, etc record.
Experimental queries that use a non-zero but unassigned query type
don't get counted as "unknown query types". They should get printed as
something like "456 123 queries" in the stats dump: 456 queries of
qtype 123. [And before some pedant jumps in, I've not bothered to
check if qtype 123 has been assigned to some new exotic resource
record.] Similar output is produced in the regular STATS report by
syslog.
More information about the bind-users
mailing list