Stats
Kevin Darcy
kcd at daimlerchrysler.com
Mon Oct 16 20:17:41 UTC 2000
bonggo at rocketmail.com wrote:
> On 13 Oct 2000 18:07:30 -0700, Kevin Darcy <kcd at daimlerchrysler.com>
> wrote:
>
> >
> >Do you need more detail than the XSTATS and NSTATS statistics which are
> >sent to syslog (by default) every hour (by default)?
> >
> >
> >- Kevin
> >
> >bonggo at rocketmail.com wrote:
> >
> >> Hello,
> >>
> >> Are there any tools that can provide stats by using the logfiles?
> >> I tried one called "dnsstats" but had no success. I'd like to find out
> >> things like how many queries are being done and general stats like
> >> that. Thanks.
> >>
> >> -joe-
>
> Kevin,
>
> I'm buying the O'Reilly book for DNS soon, is there a website in the
> meantime that outlines what those syslog entries (XSTATS/NSTATS etc)
> mean.
Other than reading the source, you mean? :-)
NSTATS is fairly self-explanatory: it just gives counts of how many queries
were received of each type.
XSTATS is a little more obscure, consisting of counts in a bunch of
categories labeled with not-very-intuitive mnemonics. The main categories
I look at are RQ (Received Queries), SAns (Answers Sent) and SNaAns
(non-authoritative answers sent, which when correlated to SAns, gives you an
idea of how much caching is helping you). All of the "R" categories, by the
way, are things that were received by the nameserver; all of the
"S" categories are for things sent. Hopefully that gives you a bit of a
handle on things, at least until you get the book...
To tell the truth, though, I find the NSTATS/XSTATS to be of marginal value.
I pay much more attention to the summarized and sorted stats produced daily
on all of my nameservers from the querylog output, which I mail to myself.
They tell me the biggest queriers and the most frequent queries. This helps
me track down misconfigured DNS consumers and keep my traffic down to a
reasonable, balanced level. (It was through these statistics that I acquired
my loathing of the "searchlist" resolver misfeature). Unfortunately, my
log-munging scripts are technically DaimlerChrysler property, so I'd have to
go through a ton of bureaucracy to get them released to the public domain,
if that would be even possible. But the scripts really aren't that complex.
It shouldn't be difficult to re-create something similar. One sage word of
advice, though: sometimes "/" appears in a (malformed) query (especially
queries that begin "http://"), so be careful in how you use that character
as a separator for parsing the querylog output.
- Kevin
More information about the bind-users
mailing list