DNS traffic accounting

Abi Askushi rightkicktech at gmail.com
Wed Jul 19 10:20:03 UTC 2017

I enabled logging for the queries and am getting now queries from clients
in the below form:

19-Jul-2017 10:11:29.310 client view auth: query:
mobile.in.gr IN A + (
19-Jul-2017 10:11:29.794 client view auth: query:
static.adman.gr IN A + (
19-Jul-2017 10:11:31.564 client view auth: query:
android.clients.google.com IN A + (
19-Jul-2017 10:11:32.721 client view auth: query:
mobilefeed.in.gr IN A + (
19-Jul-2017 10:11:39.440 client view auth: query:
stats.g.doubleclick.net IN A + (
19-Jul-2017 10:11:44.523 client view auth: query:
mqtt-mini.facebook.com IN A + (
19-Jul-2017 10:11:51.429 client view auth: query:
www.googleapis.com IN A + (
19-Jul-2017 10:11:55.603 client view auth: query:
clients3.google.com IN A + (
19-Jul-2017 10:11:57.352 client view auth: query:
clients4.google.com IN A + (
19-Jul-2017 10:11:57.353 client view auth: query:
clients4.google.com IN A + (
19-Jul-2017 10:12:06.365 client view auth: query:
graph.instagram.com IN A + (

I could count the queries by parsing the logs though this seems to be
somehow inefficient.
Is there any way that bind9 could be queries otherwise to provide such info?

Many thanx,

On Wed, Jul 19, 2017 at 12:04 AM, Abi Askushi <rightkicktech at gmail.com>

> This could do.
> I just have to get those counters.
> Thanx,
> Abi
> On Jul 18, 2017 18:37, "Matthew Seaman" <m.seaman at infracaninophile.co.uk>
> wrote:
> On 07/18/17 16:09, Abi Askushi wrote:
> > I am trying to figure out how could I account the DNS traffic generated
> > from clients in terms of bytes. My setup is a simple caching DNS with
> > several clients querying the DNS server.  I can measure the DNS traffic
> > that is generated from the DNS server on the WAN side by using some
> > monitoring tool (pmacct) but I am not sure how could I account this
> traffic
> > to the clients that are generating this traffic. By simply monitoring the
> > internal DNS traffic from clients I expect to not be accurate since it
> will
> > include also cached responses which do not generate WAN traffic.
> >
> > Any suggestion how to approach this problem?
> The implication of what you're suggesting is that if client A looks up
> some address that isn't in the cache, then they will be charged for
> that. However, if client B then comes along and looks up the exact same
> address shortly afterwards, they'll get a response from cache and so not
> be charged.  That seems a bit arbitrary.
> Why not charge your clients based simply on the number of queries they
> make against your resolver?  You know or can easily find out how many
> queries your resolver is handling in total and how much the WAN traffic
> that generates is costing you so it should be fairly easy to come up
> with a charging scheme based on the average cost per DNS query.
>         Cheers,
>         Matthew
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170719/27fc8900/attachment.html>

More information about the bind-users mailing list