Detailed Log Analysis based on rndc stats!!

Shiva Raman raman.shivag at gmail.com
Mon Jan 30 04:38:33 UTC 2012


Hi Peter

Thanks a lot for your reply. I had enabled query-errors with debug level 2
in my bind logging, now i am able to log all SERVFAIL related error logs in
query-errors.log. But i am unable to log the NXDOMAIN error logs .
   Referring to Bind documentation, i enabled delegation-only option(which
Logs queries that have returned NXDOMAIN as the result of a delegation-only
zone or a delegation-only statement in a hint or stub zone declaration) ,
but this also not logging the NXDOMAIN errors. Kindly guide me whether any
additional parameters to be enabled in query-errors to log NXDOMAIN also.

Regards

Shiva Raman

On Tue, Jan 17, 2012 at 9:11 PM, Peter Andreev <andreev.peter at gmail.com>wrote:

>
> 2012/1/17 Shiva Raman <raman.shivag at gmail.com>
>
>>  Hi All
>>
>>  i am running  Bind version 9.8.1  as an Authoritative Name server. From
>> the rndc.stats , i observe that there are some query failures happening
>> in the server. I am trying to get a detailed information of this query
>> failures, but the current logging options is not allowing me to get a
>> detailed
>> report on the reason of failure. I tried enabling detailed logs, but that
>> is also not providing me which all queries failed with  NXDOMAIN ,
>> SERVFAIL....etc.
>>
>>  Please find  the ouptut of named.stats and Logging options enabled in
>> named.conf
>>
>> Output of /chroot/named/conf/named.stats
>> ------------------------------
>>
>> +++ Statistics Dump +++ (1326803941)
>> ++ Incoming Requests ++
>>                75808 QUERY
>> ++ Incoming Queries ++
>>                75786 A
>>                   22 PTR
>> ++ Outgoing Queries ++
>> [View: default]
>>                 7374 A
>>                13410 NS
>>                   97 PTR
>> [View: _bind]
>> ++ Name Server Statistics ++
>>                75808 IPv4 requests received
>>                75781 requests with ADNS(0) received
>>                75019 responses sent
>>                75003 responses with ADNS(0) sent
>>                 2848 queries resulted in successful answer
>>                72340 queries resulted in authoritative answer
>>                 2239 queries resulted in non authoritative answer
>>                  440 queries resulted in SERVFAIL
>>                71731 queries resulted in NXDOMAIN
>>                 3466 queries caused recursion
>>                  789 duplicate queries received
>> ++ Zone Maintenance Statistics ++
>> ++ Resolver Statistics ++
>> [Common]
>> [View: default]
>>                20881 IPv4 queries sent
>>                 5283 IPv4 responses received
>>                  111 NXDOMAIN received
>>                 2533 SERVFAIL received
>>                16195 query retries
>>                15598 query timeouts
>>                  450 IPv4 NS address fetches
>>                    6 IPv4 NS address fetch failed
>>                 4226 queries with RTT < 10ms
>>                   17 queries with RTT 10-100ms
>>                  869 queries with RTT 100-500ms
>>                   82 queries with RTT 500-800ms
>>                   37 queries with RTT 800-1600ms
>>                   52 queries with RTT > 1600ms
>> [View: _bind]
>> ++ Cache DB RRsets ++
>> [View: default]
>>                   72 A
>>                   24 NS
>>                    5 CNAME
>>                    5 NXDOMAIN
>> [View: _bind (Cache: _bind)]
>> ++ Socket I/O Statistics ++
>>                20886 UDP/IPv4 sockets opened
>>                    4 TCP/IPv4 sockets opened
>>                20883 UDP/IPv4 sockets closed
>>                 3910 TCP/IPv4 sockets closed
>>                    2 UDP/IPv4 socket bind failures
>>                20881 UDP/IPv4 connections established
>>                 3911 TCP/IPv4 connections accepted
>> ++ Per Zone Query Statistics ++
>> --- Statistics Dump --- (1326803941)
>>
>>
>> Logging options in /etc/named.conf
>> ------------------------------------
>>
>>
>> // Logging options
>> logging {
>>         // logging option for named  process
>>         channel "default_debug" {
>>         file "/logs/named.log" versions 10 size 500m;
>>         print-time yes;
>>         print-category yes;
>>         severity dynamic;
>>         };
>>
>>             channel "queries" {         // logging option for queries to
>> named
>>             file "/logs/query.log" versions 20 size 500m;
>>             print-time yes;
>>             print-category yes;
>>             severity dynamic;
>>         };
>>
>>       category default { "default_debug"; };
>>       category queries { null; };   // comment this line to log queries
>>       category queries { "queries"; };    // uncomment this to log queries
>>       category config { "default_debug"; };
>>       category security { "default_debug"; };
>>       category network { "default_debug"; };
>>       category lame-servers { null; };
>>       category general { null; };
>>       category edns-disabled { null; };
>>  };
>>
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Kindly let me know the procedure to follow/options to enabled in logs  to
>> get a detailed report of queries w.r.to  the following lines.
>>
>>    440 queries resulted in SERVFAIL
>>    71731 queries resulted in NXDOMAIN
>>    6 IPv4 NS address fetch failed
>>
>> Thanks in advance.
>>
>> Regards
>>
>> ShivaRaman
>>
>>
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> You should add "query-errors" category with severity debug 1 or greater.
> Refer to BIND's ARM, section 6.2.10.3 for further explanation.
>
> --
> --
> AP
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120130/4af52c98/attachment.html>


More information about the bind-users mailing list