Mining Data From named Logs

Martin McCormick martin at dc.cis.okstate.edu
Thu Oct 2 19:13:16 UTC 2008


Do very many people on this list use the information from
named's logs to learn about things that are not directly related
to the operation of named?

	I look for "no recursive clients" messages because you
never see them when we are not having network trouble except,
maybe, on the rare occasion where a compromised or broken host
makes as many queries as it is physically capable of making per
second. Yes, recursion is bad but we can't really turn it off so
we turn it off for anybody outside our network. You should see
all the attempts all the time!

	I recently turned on query logging on our master and
slave, which are both fast Dell 2950s, and it looks as if we
can possibly tell if certain systems have stopped working due to
a lack of queries from them. Our campus mail gateway, for
example, hits the master over 60 times per second during a
business day. I don't know what that drops off to at night or
on a major US holiday, but I bet it is still several times per
second.

	For anyone else thinking of doing this, be careful of
storage space. Our master gulped down 100 megabytes of disk
space in less than 15 minutes so you had better watch it and set
the logging limits to something you know you can handle.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
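
Added example, not part of the original post: a Python sketch of the two checks described above, counting recursive-client quota messages and flagging watched hosts that have stopped querying. The log lines are constructed samples in the BIND 9 query-log layout, and the watched addresses, the two-minute threshold and the function name are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
02-Oct-2008 14:00:00.101 client 192.0.2.25#40112: query: mx.example.edu IN A +
02-Oct-2008 14:00:00.230 client 192.0.2.25#40113: query: example.org IN MX +
02-Oct-2008 14:00:01.004 client 192.0.2.77#53122: query: www.example.com IN A +
02-Oct-2008 14:00:30.500 client 192.0.2.25#40114: query: example.net IN MX +
02-Oct-2008 14:04:10.900 client 192.0.2.77#53123: query: www.example.com IN AAAA +
02-Oct-2008 14:04:11.000 client 198.51.100.9#1025: no more recursive clients: quota reached
02-Oct-2008 14:05:00.000 client 192.0.2.77#53124: query: ftp.example.com IN A +
"""

# Tolerates an optional category/severity prefix and the "@0x... (name)" fields
# that newer BIND releases add around the client address.
LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"(?P<msg>.*)$"
)

def summarize(log_text, watched, quiet_after=timedelta(minutes=2)):
    """Return (queries per client, watched hosts gone quiet, quota message count)."""
    counts, last_seen, quota_hits, newest = Counter(), {}, 0, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not client messages
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        newest = ts if newest is None or ts > newest else newest
        if "recursive clients" in m["msg"]:   # substring match; wording assumed
            quota_hits += 1
        elif "query: " in m["msg"]:
            counts[m["ip"]] += 1
            last_seen[m["ip"]] = ts
    # A watched host is "quiet" if it never queried, or if its last query is
    # older than quiet_after relative to the newest timestamp in the log.
    quiet = sorted(ip for ip in watched
                   if ip not in last_seen or newest - last_seen[ip] > quiet_after)
    return counts, quiet, quota_hits

if __name__ == "__main__":
    counts, quiet, hits = summarize(SAMPLE_LOG, ["192.0.2.25", "192.0.2.77", "192.0.2.99"])
    print("queries per client:", dict(counts))
    print("quiet hosts:", quiet, "| quota messages:", hits)
```

Measuring silence against the newest timestamp in the log rather than the wall clock lets the same check run over rotated or archived files.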

