Interpreting query logs
Kevin Darcy
kcd at daimlerchrysler.com
Sat Feb 25 00:37:27 UTC 2006
Skeeve Stevens wrote:
>Can anyone explain what all these mean please.
>
>client x.x.22.99#1025: query: xxx.net IN MX -E
>client x.x.209.6#1080: query: www.xxx IN A -
>client x.x.50.145#48690: query: events.xxx IN A -E
>client x.x.131.8#1027: query: xxx IN MX +
>client x.x.80.10#32785: query: intzzel.xxx.net IN A +
>client x.x.80.10#32785: query: zz.xxx.net IN MX +
>
>
>MX -E
>A -
>A - E
>MX +
>A +
>
>And so on?
>
MX and A are QTYPEs. + or - indicates whether the Recursion Desired (RD)
flag was set on the query. "E" indicates whether EDNS was in use. "S"
(not shown in your example) would indicate that the query was signed.
This is all documented under the "queries" category in the "logging"
section of the ARM.
- Kevin
More information about the bind-users
mailing list