named querylog, cache hit

Chris Buxton cbuxton at menandmice.com
Mon May 25 04:19:40 UTC 2009


On May 19, 2009, at 2:12 AM, Anatoly Pugachev wrote:
> Hello!
>
> This is a request for enhancement.
>
> Is it possible to make named querylog log somehow whether client queries
> hit the server cache or not, regardless of other logged query options
> (like +EDC)?

In the absence of such logging from BIND, this can be deduced from the  
traffic, if a traffic sniffer is used and the results processed and  
analyzed. The query and the response can be matched up based on the  
query ID. If the 'aa' flag is not set in the response, the intervening  
traffic can be examined looking for outbound queries with matching  
name, class, and type. If there are none, then the query was answered  
from cache.

3rd party traffic analysis software exists, including a commercial  
offering from Men & Mice. If it does not already look for this  
specific correlation, I'm pretty sure it would not be too difficult to add.

Chris Buxton
Professional Services
Men & Mice
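
The correlation described in the reply above, as an added example that is not part of the original post or of any Men & Mice or BIND code. It assumes the capture has already been decoded into one record per DNS message; the `Msg` fields, the `classify` name and all addresses are constructed for illustration.

```python
from collections import namedtuple

# One decoded DNS message from a capture taken at the resolver (assumed fields).
Msg = namedtuple("Msg", "ts src dst id qr aa qname qclass qtype")

def key(m):
    # Names compare case-insensitively; a resolver may change case upstream.
    return (m.qname.lower().rstrip("."), m.qclass, m.qtype)

def classify(msgs, resolver):
    """Label each client query answered by `resolver` as
    'authoritative', 'cache' or 'recursed'."""
    pending = {}    # (client, query ID, question) -> time the query arrived
    outbound = []   # (time, question) for queries the resolver sent upstream
    results = []
    for m in sorted(msgs, key=lambda m: m.ts):
        if not m.qr and m.dst == resolver:        # client -> resolver query
            pending[(m.src, m.id, key(m))] = m.ts
        elif not m.qr and m.src == resolver:      # resolver -> upstream query
            outbound.append((m.ts, key(m)))
        elif m.qr and m.src == resolver:          # resolver -> client response
            asked = pending.pop((m.dst, m.id, key(m)), None)
            if asked is None:
                continue                          # query was not captured
            if m.aa:
                verdict = "authoritative"
            elif any(asked <= t <= m.ts and q == key(m) for t, q in outbound):
                verdict = "recursed"              # matching outbound query seen
            else:
                verdict = "cache"                 # no intervening outbound query
            results.append((m.dst, m.qname, verdict))
    return results

# Constructed sample capture: resolver 192.0.2.53, two clients, one upstream.
R = "192.0.2.53"
SAMPLE = [
    Msg(1.00, "198.51.100.7", R, 4660, False, False, "www.example.com.", "IN", "A"),
    Msg(1.01, R, "203.0.113.10", 9001, False, False, "WWW.example.COM.", "IN", "A"),
    Msg(1.05, "203.0.113.10", R, 9001, True, True, "WWW.example.COM.", "IN", "A"),
    Msg(1.06, R, "198.51.100.7", 4660, True, False, "www.example.com.", "IN", "A"),
    Msg(2.00, "198.51.100.8", R, 77, False, False, "www.example.com.", "IN", "A"),
    Msg(2.01, R, "198.51.100.8", 77, True, False, "www.example.com.", "IN", "A"),
    Msg(3.00, "198.51.100.8", R, 78, False, False, "local.example.", "IN", "SOA"),
    Msg(3.01, R, "198.51.100.8", 78, True, True, "local.example.", "IN", "SOA"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE, R):
        print(*row)
```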



