How to get the DNS server statistics?
Environment
- Red Hat Enterprise Linux 5
- bind-9.3.6-20.P1.el5
- bind97-*
- Red Hat Enterprise Linux 6
- bind-*
- Red Hat Enterprise Linux 7
- bind-*
- Red Hat Enterprise Linux 8
- bind-*
- bind9.16-*
- Red Hat Enterprise Linux 9
- bind-*
Issue
- How to get the DNS server statistics?
Resolution
- On Red Hat Enterprise Linux with BIND 9.0, the BIND configuration file defines where the cache content and the statistics are stored, as shown below.
- On Red Hat Enterprise Linux 5, after installing the bind-chroot and caching-nameserver packages, modify /var/named/chroot/etc/named.caching-nameserver.conf.
- On Red Hat Enterprise Linux 6 or later, after installing just the bind or bind-chroot packages, modify /etc/named.conf.
# cat /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    recursion yes;
    allow-query { localhost; };
};
- On Red Hat Enterprise Linux 5 change directory into chroot. Because bind-chroot is installed, it is necessary to cd into its full path /var/named/chroot/var/named/data, and run rndc commands as below:
# cd /var/named/chroot/var/named/data
# rndc dumpdb
# rndc stats
- On Red Hat Enterprise Linux 7 or later, the rndc command works from anywhere. Data are shared from the chroot into /var/named/data.
# rndc dumpdb
# rndc stats
- Then in /var/named/data, there will be 3 files: cache_dump.db and named_stats.txt created automatically. All of them are plain text and can be read directly.
- Example named_stats.txt file:
+++ Statistics Dump +++ (1679592054)
++ Incoming Requests ++
7 QUERY
++ Incoming Queries ++
5 A
2 AAAA
++ Outgoing Rcodes ++
7 NOERROR
++ Outgoing Queries ++
[View: default]
2 A
19 NS
1 AAAA
4 DS
8 DNSKEY
[View: _bind]
++ Name Server Statistics ++
7 IPv6 requests received
7 requests with EDNS(0) received
2 TCP requests received
4 TCP connection high-water
7 responses sent
7 responses with EDNS(0) sent
7 queries resulted in successful answer
7 queries resulted in non authoritative answer
3 queries caused recursion
5 UDP queries received
2 TCP queries received
7 COOKIE option received
7 COOKIE - client only
++ Zone Maintenance Statistics ++
++ Resolver Statistics ++
[Common]
[View: default]
17 IPv4 queries sent
17 IPv6 queries sent
17 IPv4 responses received
4 truncated responses received
20 query retries
17 query timeouts
12 DNSSEC validation attempted
12 DNSSEC validation succeeded
13 queries with RTT < 10ms
3 queries with RTT 10-100ms
1 queries with RTT 100-500ms
32 bucket size
15 COOKIE send with client cookie only
13 COOKIE sent with client and server cookie
15 COOKIE replies received
15 COOKIE client ok
[View: _bind]
32 bucket size
++ Cache Statistics ++
[View: default]
327 cache hits
57 cache misses
82 cache hits (from query)
3 cache misses (from query)
0 cache records deleted due to memory exhaustion
0 cache records deleted due to TTL expiration
19 cache database nodes
64 cache database hash buckets
287784 cache tree memory total
40392 cache tree memory in use
40448 cache tree highest memory in use
376832 cache heap memory total
115712 cache heap memory in use
115712 cache heap highest memory in use
[View: _bind (Cache: _bind)]
0 cache hits
0 cache misses
0 cache hits (from query)
0 cache misses (from query)
0 cache records deleted due to memory exhaustion
0 cache records deleted due to TTL expiration
0 cache database nodes
64 cache database hash buckets
287784 cache tree memory total
21616 cache tree memory in use
29888 cache tree highest memory in use
262144 cache heap memory total
1024 cache heap memory in use
1024 cache heap highest memory in use
++ Cache DB RRsets ++
[View: default]
15 A
1 NS
14 AAAA
4 DS
13 RRSIG
5 DNSKEY
[View: _bind (Cache: _bind)]
++ ADB stats ++
[View: default]
1021 Address hash table size
28 Addresses in hash table
1021 Name hash table size
13 Names in hash table
[View: _bind]
1021 Address hash table size
1021 Name hash table size
++ Socket I/O Statistics ++
14 UDP/IPv4 sockets opened
18 UDP/IPv6 sockets opened
6 TCP/IPv4 sockets opened
2 TCP/IPv6 sockets opened
1 Raw sockets opened
13 UDP/IPv4 sockets closed
17 UDP/IPv6 sockets closed
5 TCP/IPv4 sockets closed
2 TCP/IPv6 sockets closed
13 UDP/IPv4 connections established
17 UDP/IPv6 connections established
4 TCP/IPv4 connections established
2 TCP/IPv4 connections accepted
2 TCP/IPv6 connections accepted
1 UDP/IPv4 sockets active
1 UDP/IPv6 sockets active
3 TCP/IPv4 sockets active
2 TCP/IPv6 sockets active
1 Raw sockets active
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1679592054)
- The statistics provided by the named_stats file are overall stats. Currently there is no feature in bind shipped by Red Hat to get these stats on a per minute, hour and day basis.
- You can use rndc status to get the status of the server:
# rndc status
version: BIND 9.11.36-RedHat-9.11.36-8.el8 (Extended Support Version) <id:68dbd5b>
running on ***.com: Linux x86_64 4.18.0-477.3.1.el8.x86_64 #1 SMP Mon Mar 13 14:35:50 EDT 2023
boot time: Thu, 23 Mar 2023 17:14:42 GMT
last configured: Thu, 23 Mar 2023 17:14:42 GMT
configuration file: /etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 103 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 2/150
TCP high-water: 2
server is up and running
- While bind does not have a functionality to log this information automatically as it logs queries, it is possible to achieve this by using the logger command:
# logger -t named `rndc status`
This will log to syslog the output of rndc status in one line, with a tag of *named*.
- If you're using bind 9.5 or above (using the bind97 package on RHEL5, or using bind on RHEL6), you can also use statistics-channels to get statistics via HTTP.
- Modify the named.conf file:
options {
    // <..SNIP..>
};
// Add the following statements:
statistics-channels {
    inet 127.0.0.1 port 8008 allow { 127.0.0.1; };
};
- On Red Hat Enterprise Linux 7 or later, allow named to bind http ports. Skip this step on previous versions or if SELinux is disabled.
# setsebool -P named_tcp_bind_http_port on
- Restart the named service:
# service named restart
- Access http://localhost:8008 with a browser on the DNS server.
Since RHEL 8.4, named can also provide statistics in JSON format at http://localhost:8008/json
- Refer to the links below, which may help implement the requirement:
Monitoring Recommendations from ISC
dnstop
bindgraph
NOTE: The links given above are not Red Hat articles and are not supported by Red Hat; they are provided for reference only.
Alternatively, as a workaround, the statistics can be dumped at regular intervals by running rndc stats from a cron job.
Once the cron job has dumped or backed up the file, parse the file afterwards as needed.
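The parsing step of the cron workaround above, as an added example (not Red Hat's or ISC's code): rndc stats appends each dump to the statistics file and the counters are totals since named started, so per-interval figures come from subtracting consecutive dumps. The sample input is constructed, and the names parse_dumps and interval_delta are illustrative.

```python
import re

START = re.compile(r"^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)$")
SECTION = re.compile(r"^\+\+ (.+?) \+\+$")
VIEW = re.compile(r"^\[(.+)\]$")
COUNTER = re.compile(r"^(\d+)\s+(.+)$")
MONOTONIC = {"Incoming Requests", "Incoming Queries", "Outgoing Rcodes"}  # only grow while named runs

def parse_dumps(text):
    """Return [(epoch, {(section, view, name): value})], one entry per dump in the file."""
    dumps, section, view = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := START.match(line):
            dumps.append((int(m.group(1)), {}))
            section = view = None
        elif m := SECTION.match(line):
            section, view = m.group(1), None
        elif m := VIEW.match(line):
            view = m.group(1)
        elif dumps and (m := COUNTER.match(line)):
            dumps[-1][1][(section, view, m.group(2))] = int(m.group(1))
    return dumps

def interval_delta(dumps):
    """Return (seconds, changes) between the two most recent dumps."""
    (t0, old), (t1, new) = dumps[-2], dumps[-1]
    restarted = any(new.get(k, 0) < v for k, v in old.items() if k[0] in MONOTONIC)
    base = {} if restarted else old  # counters start from zero again after a restart
    return t1 - t0, {k: v - base.get(k, 0) for k, v in new.items() if v != base.get(k, 0)}

# Constructed sample: two dumps 60 s apart, as appended by two "rndc stats" runs.
SAMPLE = """\
+++ Statistics Dump +++ (1679592054)
++ Outgoing Rcodes ++
                   7 NOERROR
--- Statistics Dump --- (1679592054)
+++ Statistics Dump +++ (1679592114)
++ Outgoing Rcodes ++
                  97 NOERROR
                  30 SERVFAIL
++ Resolver Statistics ++
[View: default]
                  47 query timeouts
--- Statistics Dump --- (1679592114)
"""

if __name__ == "__main__":
    seconds, changes = interval_delta(parse_dumps(SAMPLE))
    print(seconds, changes)
```

Entries such as memory in use or sockets active are levels rather than running totals, so for those the difference is simply the change in level between the two dumps.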