Detailed Log Analysis based on rndc stats!!

Peter Andreev andreev.peter at gmail.com
Tue Jan 17 15:41:14 UTC 2012 

2012/1/17 Shiva Raman <raman.shivag at gmail.com>

> Hi All
>
>  i am running  Bind version 9.8.1  as an Authoritative Name server. From
> the rndc.stats , i observe that there are some query failures happening
> in the server. I am trying to get a detailed information of this query
> failures, but the current logging options is not allowing me to get a
> detailed
> report on the reason of failure. I tried enabling detailed logs, but that
> is also not providing me which all queries failed with  NXDOMAIN ,
> SERVFAIL....etc.
>
>  Please find  the ouptut of named.stats and Logging options enabled in
> named.conf
>
> Output of /chroot/named/conf/named.stats
> ------------------------------
>
> +++ Statistics Dump +++ (1326803941)
> ++ Incoming Requests ++
>                75808 QUERY
> ++ Incoming Queries ++
>                75786 A
>                   22 PTR
> ++ Outgoing Queries ++
> [View: default]
>                 7374 A
>                13410 NS
>                   97 PTR
> [View: _bind]
> ++ Name Server Statistics ++
>                75808 IPv4 requests received
>                75781 requests with ADNS(0) received
>                75019 responses sent
>                75003 responses with ADNS(0) sent
>                 2848 queries resulted in successful answer
>                72340 queries resulted in authoritative answer
>                 2239 queries resulted in non authoritative answer
>                  440 queries resulted in SERVFAIL
>                71731 queries resulted in NXDOMAIN
>                 3466 queries caused recursion
>                  789 duplicate queries received
> ++ Zone Maintenance Statistics ++
> ++ Resolver Statistics ++
> [Common]
> [View: default]
>                20881 IPv4 queries sent
>                 5283 IPv4 responses received
>                  111 NXDOMAIN received
>                 2533 SERVFAIL received
>                16195 query retries
>                15598 query timeouts
>                  450 IPv4 NS address fetches
>                    6 IPv4 NS address fetch failed
>                 4226 queries with RTT < 10ms
>                   17 queries with RTT 10-100ms
>                  869 queries with RTT 100-500ms
>                   82 queries with RTT 500-800ms
>                   37 queries with RTT 800-1600ms
>                   52 queries with RTT > 1600ms
> [View: _bind]
> ++ Cache DB RRsets ++
> [View: default]
>                   72 A
>                   24 NS
>                    5 CNAME
>                    5 NXDOMAIN
> [View: _bind (Cache: _bind)]
> ++ Socket I/O Statistics ++
>                20886 UDP/IPv4 sockets opened
>                    4 TCP/IPv4 sockets opened
>                20883 UDP/IPv4 sockets closed
>                 3910 TCP/IPv4 sockets closed
>                    2 UDP/IPv4 socket bind failures
>                20881 UDP/IPv4 connections established
>                 3911 TCP/IPv4 connections accepted
> ++ Per Zone Query Statistics ++
> --- Statistics Dump --- (1326803941)
>
>
> Logging options in /etc/named.conf
> ------------------------------------
>
>
> // Logging options
> logging {
>         // logging option for named  process
>         channel "default_debug" {
>         file "/logs/named.log" versions 10 size 500m;
>         print-time yes;
>         print-category yes;
>         severity dynamic;
>         };
>
>             channel "queries" {         // logging option for queries to
> named
>             file "/logs/query.log" versions 20 size 500m;
>             print-time yes;
>             print-category yes;
>             severity dynamic;
>         };
>
>       category default { "default_debug"; };
>       category queries { null; };   // comment this line to log queries
>       category queries { "queries"; };    // uncomment this to log queries
>       category config { "default_debug"; };
>       category security { "default_debug"; };
>       category network { "default_debug"; };
>       category lame-servers { null; };
>       category general { null; };
>       category edns-disabled { null; };
>  };
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Kindly let me know the procedure to follow/options to enabled in logs  to
> get a detailed report of queries w.r.to  the following lines.
>
>    440 queries resulted in SERVFAIL
>    71731 queries resulted in NXDOMAIN
>    6 IPv4 NS address fetch failed
>
> Thanks in advance.
>
> Regards
>
> ShivaRaman
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

You should add "query-errors" category with severity debug 1 or greater.
Refer to BIND's ARM, section 6.2.10.3 for further explanation.

-- 
--
AP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120117/f118b34f/attachment.html>

More information about the bind-users mailing list