How can I log how much bandwidth is being used by lookups?

Simon Waters Simon at
Fri Jan 30 20:56:03 UTC 2004

Kevin Darcy wrote:
> When I say "rough idea", I mean that the "sending TCP message" numbers 
> don't include TCP overhead, such as ACKs, retransmissions, and so forth.

The only time I've seen the zone transfers be a bandwidth hog was the
old Microsoft NT DNS server which would retry a zone transfer
immediately if it had bad data in it - BIND is better behaved in these
situations. But then I haven't tried slaving relay blocking lists.

I'm assuming this wouldn't include the SOA queries to get the zone
serial, or any queries for the zone in question (although I guess they
can be estimated from the stats).

On Linux you have counters in iptables which can be used to gather
information on bandwidth, as I know a local LUG group member uses it for
billing purposes at the ISP he runs (overflowing the counters was a
problem at the time). Although it could end up a lot more arcane than
Kevin's approach, it would probably be relatively easy to account for all
traffic to port 53 on the master. I dare say other packet logging would
do the trick as well (tcpdump dst port 53 and host ...).

In these days of incremental zone transfer there is no reason they
should be very big unless the zone changes dramatically.
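The iptables counter approach mentioned above, as an added example that is not part of the original post: count-only rules for port 53 plus a parser that totals the byte counters per protocol and takes the difference between two snapshots. The chain name DNSACCT, the function names and the sample listings are constructed for illustration, and treating a counter that went backwards as a restart from zero is an assumption.

```shell
# Count-only rules (no -j target) for the master, run as root:
#   iptables -N DNSACCT
#   iptables -A DNSACCT -p udp --dport 53; iptables -A DNSACCT -p tcp --dport 53
#   iptables -A DNSACCT -p udp --sport 53; iptables -A DNSACCT -p tcp --sport 53
#   iptables -I INPUT -j DNSACCT; iptables -I OUTPUT -j DNSACCT
# Snapshot: iptables -L DNSACCT -n -v -x   (-x prints exact byte counts)

# dns_bytes: read such a listing on stdin, print "<tcp_bytes> <udp_bytes>".
dns_bytes() {
    awk '
        / tcp [ds]pt:53( |$)/ { tcp += $2 }   # $2 is the bytes column
        / udp [ds]pt:53( |$)/ { udp += $2 }
        END { printf "%.0f %.0f\n", tcp, udp }
    '
}

# counter_delta PREV CUR: bytes since the previous snapshot. A smaller current
# value means the counter was zeroed or overflowed, so count from zero.
counter_delta() {
    if [ "$2" -lt "$1" ]; then echo "$2"; else echo $(( $2 - $1 )); fi
}

# Constructed sample snapshots, taken some time apart.
sample_t0() { cat <<'EOF'
Chain DNSACCT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200      96000            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
      40     310000            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    1190     214000            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53
      52    5200000            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:53
EOF
}
sample_t1() { cat <<'EOF'
Chain DNSACCT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
    1240      99000            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
      43     312400            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    1228     220500            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53
      58    5290000            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:53
EOF
}

set -- $(sample_t0 | dns_bytes) $(sample_t1 | dns_bytes)
echo "tcp/53 bytes since last snapshot: $(counter_delta "$1" "$3")"
echo "udp/53 bytes since last snapshot: $(counter_delta "$2" "$4")"
```

The TCP figure covers zone transfers together with any other TCP DNS traffic, and unlike the "sending TCP message" numbers it includes IP and TCP header bytes.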
