Bind stats - denied queries?
kpielorz_lst at tdx.co.uk
Tue Dec 1 10:43:33 UTC 2020
--On 30 November 2020 at 08:53:27 -0600 Lyle Giese <lyle at lcrcomputer.net>
> Be careful 'rejecting' these outright. These queries are UDP
> traffic (not TCP) and the source address is easily forged. RRL is the
> correct way to limit these.
So, as the original person that posted the question :)
My question still stands (I'd never presumed this was valid traffic) - what
I'm trying to find out is whether, buried within the trove of stats produced
by 'rndc stats', there is any counter that counts:
Nov 30 00:00:00 client @0xXXXXX X.X.X.X#48536 (.): query (cache)
i.e. 'Denied' queries. I can see stats for pretty much everything, e.g.
Queried, notified, all the different record types - there's a block in the
stats file of:
749045 queries resulted in nxrrset
45 queries resulted in SERVFAIL
15291 queries resulted in NXDOMAIN
But I was expecting to see something like:
34343 queries resulted in DENIED
But I can't see it - or anything that's really applicable?
And, as everyone else is talking about RRL - is there a stat that would
appear for that, e.g.
234829 queries resulted in RATELIMIT
Currently we're just trying to easily graph the DENIED queries to see how
much of the total traffic it is.
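
One way to get a graphable count of these lines from the log itself, as an added example (not part of the original message and not BIND's own tooling). It assumes the cut-off log line quoted above ends in `'name/type/class' denied`; the sample lines are constructed.

```python
import re
from collections import Counter

# Shape taken from the log line quoted in the post. The trailing
# "'name/type/class' denied" part is an assumption about the cut-off text.
DENIED = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d .*?"
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query \(cache\) '(?P<rr>[^']*)' denied"
)

# Constructed sample input (documentation address ranges, made-up pointers).
SAMPLE = """\
Nov 30 00:00:01 client @0x7f10a4001230 192.0.2.10#48536 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:02 client @0x7f10a4001230 192.0.2.10#48537 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:40 client @0x7f10a4005550 198.51.100.7#1025 (example.org): query (cache) 'example.org/A/IN' denied
Nov 30 00:01:05 client @0x7f10a4001230 192.0.2.10#48999 (.): query (cache) './NS/IN' denied
Nov 30 00:01:09 client @0x7f10a4009990 203.0.113.5#5353 (example.com): query: example.com IN A +E(0) (192.0.2.53)
""".splitlines()


def summarize_denied(lines):
    """Count denied cache queries per minute, per question and per source."""
    per_minute, per_rr, per_src = Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # ordinary query-log lines and other messages are skipped
        per_minute[m["minute"]] += 1
        per_rr[m["rr"]] += 1
        # UDP sources can be forged (see the quoted reply), so this column
        # is not proof of who actually sent the query.
        per_src[m["src"]] += 1
    return per_minute, per_rr, per_src


if __name__ == "__main__":
    per_minute, per_rr, per_src = summarize_denied(SAMPLE)
    for minute, count in sorted(per_minute.items()):
        print(f"{minute}  denied={count}")  # one data point per minute
    print("top questions:", per_rr.most_common(3))
    print("top sources:  ", per_src.most_common(3))
```
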