getting answers from DNS queries

Gaurav Kansal gaurav.kansal at nic.in
Tue May 3 08:56:02 UTC 2022 

Or if you are ready to take some pain, then take the mirror from the network side, parse the packets and you can achieve whaterver you want to do, build beautiful graphs, have reports and what not.
This will also help in reducing the load on your DNS node by disabling the logging completely and you can achieve high QPS.

One such tool which can do all for you is dnsmonster - https://github.com/mosajjal/dnsmonster <https://github.com/mosajjal/dnsmonster> . Just send mirror traffic to this and it will do everything for you.

Thanks,
Gaurav Kansal


> On 25-Apr-2022, at 22:15, m3047 at m3047.net wrote:
> 
> More specificity would help. OTOH you mentioned the word "compile"...
> 
> On Mon, 25 Apr 2022, King, Harold Clyde (Hal) via bind-users wrote:
>> I asked this last week, but I didn't an answer. Who can I tell if a DNS query is refused or answered? Is it in the log files?
> 
> Not the latest version of BIND (9.12), but here's what I get in the log:
> 
> 25-Apr-2022 06:54:33.353 debug 2: fetch completed at resolver.c:4176 for time.nist.gov/A in 10.000446: timed out/success [domain:nist.gov,referral:0,restart:1,qrysent:4,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
> 25-Apr-2022 06:56:21.593 debug 2: fetch completed at resolver.c:4176 for time.nist.gov/A in 10.000430: timed out/success [domain:nist.gov,referral:0,restart:2,qrysent:10,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
> 
> Here's the config for that:
> 
>    // Must start named with -d 2 for this to be activated,
>    // otherwise it's just silent.
>    channel queryerrors {
>        file "bind-query-errors.log" versions 2 size 20m;
>        severity debug 2;
>        print-category no;
>        print-severity yes;
>        print-time yes;
>    };
> 
> I would expect the information you seek to be available via Dnstap.
> 
> --
> 
> Fred Morris, internet plumber
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220503/4069fa20/attachment.htm>

More information about the bind-users mailing list