Detailed Log Analysis based on rndc stats!!
Shiva Raman
raman.shivag at gmail.com
Tue Jan 17 13:31:05 UTC 2012
Hi All
i am running Bind version 9.8.1 as an Authoritative Name server. From
the rndc.stats , i observe that there are some query failures happening
in the server. I am trying to get a detailed information of this query
failures, but the current logging options is not allowing me to get a
detailed
report on the reason of failure. I tried enabling detailed logs, but that
is also not providing me which all queries failed with NXDOMAIN ,
SERVFAIL....etc.
Please find the ouptut of named.stats and Logging options enabled in
named.conf
Output of /chroot/named/conf/named.stats
------------------------------
+++ Statistics Dump +++ (1326803941)
++ Incoming Requests ++
75808 QUERY
++ Incoming Queries ++
75786 A
22 PTR
++ Outgoing Queries ++
[View: default]
7374 A
13410 NS
97 PTR
[View: _bind]
++ Name Server Statistics ++
75808 IPv4 requests received
75781 requests with ADNS(0) received
75019 responses sent
75003 responses with ADNS(0) sent
2848 queries resulted in successful answer
72340 queries resulted in authoritative answer
2239 queries resulted in non authoritative answer
440 queries resulted in SERVFAIL
71731 queries resulted in NXDOMAIN
3466 queries caused recursion
789 duplicate queries received
++ Zone Maintenance Statistics ++
++ Resolver Statistics ++
[Common]
[View: default]
20881 IPv4 queries sent
5283 IPv4 responses received
111 NXDOMAIN received
2533 SERVFAIL received
16195 query retries
15598 query timeouts
450 IPv4 NS address fetches
6 IPv4 NS address fetch failed
4226 queries with RTT < 10ms
17 queries with RTT 10-100ms
869 queries with RTT 100-500ms
82 queries with RTT 500-800ms
37 queries with RTT 800-1600ms
52 queries with RTT > 1600ms
[View: _bind]
++ Cache DB RRsets ++
[View: default]
72 A
24 NS
5 CNAME
5 NXDOMAIN
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
20886 UDP/IPv4 sockets opened
4 TCP/IPv4 sockets opened
20883 UDP/IPv4 sockets closed
3910 TCP/IPv4 sockets closed
2 UDP/IPv4 socket bind failures
20881 UDP/IPv4 connections established
3911 TCP/IPv4 connections accepted
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1326803941)
Logging options in /etc/named.conf
------------------------------------
// Logging options
logging {
// logging option for named process
channel "default_debug" {
file "/logs/named.log" versions 10 size 500m;
print-time yes;
print-category yes;
severity dynamic;
};
channel "queries" { // logging option for queries to
named
file "/logs/query.log" versions 20 size 500m;
print-time yes;
print-category yes;
severity dynamic;
};
category default { "default_debug"; };
category queries { null; }; // comment this line to log queries
category queries { "queries"; }; // uncomment this to log queries
category config { "default_debug"; };
category security { "default_debug"; };
category network { "default_debug"; };
category lame-servers { null; };
category general { null; };
category edns-disabled { null; };
};
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Kindly let me know the procedure to follow/options to enabled in logs to
get a detailed report of queries w.r.to the following lines.
440 queries resulted in SERVFAIL
71731 queries resulted in NXDOMAIN
6 IPv4 NS address fetch failed
Thanks in advance.
Regards
ShivaRaman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120117/cda6dd67/attachment.html>
More information about the bind-users
mailing list