Bind stats - denied queries?

Karl Pielorz kpielorz_lst at
Tue Dec 1 16:25:16 UTC 2020

--On 1 December 2020 at 10:14:50 -0600 Chuck Aurora <ca at> wrote:

> On 2020-12-01 04:43, Karl Pielorz wrote:
>> So, as the original person that posted the question :)
>> My question still stands (I'd never presumed this was valid traffic) -
>> what I'm trying to find out if buried within the trove of stats
>> produced by 'rndc stats' is there any counter, that counts:
>> "
>> Nov 30 00:00:00 client @0xXXXXX X.X.X.X#48536 (.): query (cache)
>> './ANY/IN' denied
>> "
> I think you are asking the wrong question and looking at the wrong
> feature.  You can probably do what you're after with
> statistics-channels.
> tics-channels-statement-grammar

Thanks - I'll go check that out - it looks far better / correct than 
parsing the stats file.

As for the wrong question - I don't get why it's 'wrong' to ask if there's 
a better way of getting the total number of "denied" entries such as the 
one above, rather than 'cat /var/log/messages | grep | wc -l' type affair ? 
- Unless 'denied' effectively appears as some other stat already?

At this stage we're trying to work out how much traffic is getting denied 
(as it's likely junk) vs. regular responses etc.


More information about the bind-users mailing list