Detailed Log Analysis based on rndc stats!!
Shiva Raman
raman.shivag at gmail.com
Mon Jan 30 04:38:33 UTC 2012
Hi Peter
Thanks a lot for your reply. I had enabled query-errors with debug level 2
in my BIND logging; now I am able to log all SERVFAIL-related error logs in
query-errors.log. But I am unable to log the NXDOMAIN error logs.
Referring to the BIND documentation, I enabled the delegation-only option (which
logs queries that have returned NXDOMAIN as the result of a delegation-only
zone or a delegation-only statement in a hint or stub zone declaration),
but this is also not logging the NXDOMAIN errors. Kindly guide me whether any
additional parameters need to be enabled in query-errors to log NXDOMAIN also.
Regards
Shiva Raman
On Tue, Jan 17, 2012 at 9:11 PM, Peter Andreev <andreev.peter at gmail.com> wrote:
>
> 2012/1/17 Shiva Raman <raman.shivag at gmail.com>
>
>> Hi All
>>
>> I am running BIND version 9.8.1 as an authoritative name server. From
>> the rndc.stats, I observe that there are some query failures happening
>> in the server. I am trying to get detailed information on these query
>> failures, but the current logging options are not allowing me to get a
>> detailed report on the reason for failure. I tried enabling detailed logs,
>> but that is also not telling me which queries failed with NXDOMAIN,
>> SERVFAIL, etc.
>>
>> Please find the output of named.stats and the logging options enabled in
>> named.conf
>>
>> Output of /chroot/named/conf/named.stats
>> ------------------------------
>>
>> +++ Statistics Dump +++ (1326803941)
>> ++ Incoming Requests ++
>> 75808 QUERY
>> ++ Incoming Queries ++
>> 75786 A
>> 22 PTR
>> ++ Outgoing Queries ++
>> [View: default]
>> 7374 A
>> 13410 NS
>> 97 PTR
>> [View: _bind]
>> ++ Name Server Statistics ++
>> 75808 IPv4 requests received
>> 75781 requests with ADNS(0) received
>> 75019 responses sent
>> 75003 responses with ADNS(0) sent
>> 2848 queries resulted in successful answer
>> 72340 queries resulted in authoritative answer
>> 2239 queries resulted in non authoritative answer
>> 440 queries resulted in SERVFAIL
>> 71731 queries resulted in NXDOMAIN
>> 3466 queries caused recursion
>> 789 duplicate queries received
>> ++ Zone Maintenance Statistics ++
>> ++ Resolver Statistics ++
>> [Common]
>> [View: default]
>> 20881 IPv4 queries sent
>> 5283 IPv4 responses received
>> 111 NXDOMAIN received
>> 2533 SERVFAIL received
>> 16195 query retries
>> 15598 query timeouts
>> 450 IPv4 NS address fetches
>> 6 IPv4 NS address fetch failed
>> 4226 queries with RTT < 10ms
>> 17 queries with RTT 10-100ms
>> 869 queries with RTT 100-500ms
>> 82 queries with RTT 500-800ms
>> 37 queries with RTT 800-1600ms
>> 52 queries with RTT > 1600ms
>> [View: _bind]
>> ++ Cache DB RRsets ++
>> [View: default]
>> 72 A
>> 24 NS
>> 5 CNAME
>> 5 NXDOMAIN
>> [View: _bind (Cache: _bind)]
>> ++ Socket I/O Statistics ++
>> 20886 UDP/IPv4 sockets opened
>> 4 TCP/IPv4 sockets opened
>> 20883 UDP/IPv4 sockets closed
>> 3910 TCP/IPv4 sockets closed
>> 2 UDP/IPv4 socket bind failures
>> 20881 UDP/IPv4 connections established
>> 3911 TCP/IPv4 connections accepted
>> ++ Per Zone Query Statistics ++
>> --- Statistics Dump --- (1326803941)
>>
>>
>> Logging options in /etc/named.conf
>> ------------------------------------
>>
>>
>> // Logging options
>> logging {
>>     // logging option for named process
>>     channel "default_debug" {
>>         file "/logs/named.log" versions 10 size 500m;
>>         print-time yes;
>>         print-category yes;
>>         severity dynamic;
>>     };
>>
>>     channel "queries" { // logging option for queries to named
>>         file "/logs/query.log" versions 20 size 500m;
>>         print-time yes;
>>         print-category yes;
>>         severity dynamic;
>>     };
>>
>>     category default { "default_debug"; };
>>     category queries { null; }; // comment this line to log queries
>>     category queries { "queries"; }; // uncomment this to log queries
>>     category config { "default_debug"; };
>>     category security { "default_debug"; };
>>     category network { "default_debug"; };
>>     category lame-servers { null; };
>>     category general { null; };
>>     category edns-disabled { null; };
>> };
>>
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Kindly let me know the procedure to follow/options to enable in the logs to
>> get a detailed report of queries w.r.t. the following lines.
>>
>> 440 queries resulted in SERVFAIL
>> 71731 queries resulted in NXDOMAIN
>> 6 IPv4 NS address fetch failed
>>
>> Thanks in advance.
>>
>> Regards
>>
>> ShivaRaman
>>
>
> You should add "query-errors" category with severity debug 1 or greater.
> Refer to BIND's ARM, section 6.2.10.3 for further explanation.
>
> --
> --
> AP
>
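
An added example, not part of the original thread and not BIND code: a small parser for the `named.stats` dump format quoted above that turns the counters into per-request failure ratios, so successive `rndc stats` dumps can be compared and a shift in NXDOMAIN, SERVFAIL or upstream timeout share stands out. The sample is an excerpt of the dump in this thread; the function names, the ratio names and the choice of the `default` view are assumptions of this example.

```python
import re

SECTION = re.compile(r"^\+\+ (.+) \+\+$")   # "++ Name Server Statistics ++"
VIEW = re.compile(r"^\[(.+)\]$")            # "[View: default]", "[Common]"
COUNTER = re.compile(r"^(\d+) (.+)$")       # "440 queries resulted in SERVFAIL"

# Excerpt of the dump quoted in this thread (values copied from the post).
SAMPLE = """\
+++ Statistics Dump +++ (1326803941)
++ Name Server Statistics ++
75808 IPv4 requests received
440 queries resulted in SERVFAIL
71731 queries resulted in NXDOMAIN
++ Resolver Statistics ++
[Common]
[View: default]
20881 IPv4 queries sent
15598 query timeouts
[View: _bind]
--- Statistics Dump --- (1326803941)
"""

def parse_named_stats(text):
    """Return {section: {view: {counter: value}}}; view is "" outside any view."""
    stats, section, view = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, view = m.group(1), ""   # a new section resets the view
        elif m := VIEW.match(line):
            view = m.group(1)
        elif (m := COUNTER.match(line)) and section:
            stats.setdefault(section, {}).setdefault(view, {})[m.group(2)] = int(m.group(1))
    return stats

def failure_summary(stats):
    """Response-code share per request received and timeout share per upstream query."""
    ns = stats.get("Name Server Statistics", {}).get("", {})
    res = stats.get("Resolver Statistics", {}).get("View: default", {})
    requests = ns.get("IPv4 requests received", 0) or 1   # avoid division by zero
    sent = res.get("IPv4 queries sent", 0) or 1
    return {
        "nxdomain_ratio": ns.get("queries resulted in NXDOMAIN", 0) / requests,
        "servfail_ratio": ns.get("queries resulted in SERVFAIL", 0) / requests,
        "upstream_timeout_ratio": res.get("query timeouts", 0) / sent,
    }

if __name__ == "__main__":
    for name, value in failure_summary(parse_named_stats(SAMPLE)).items():
        print(f"{name}: {value:.1%}")
```

The counters are cumulative since the server started, so differences between two dumps give the rates for that interval.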