How to measure use of forwarders?

Carsten Strotmann carsten at
Fri Nov 19 05:58:00 UTC 2021

Hello Richard,

"Parkin, Richard (R.)" <rparki21 at> writes:

> Hello!
> We recently re-addressed some of our external-facing cache 
> servers into a new network and discovered that our IPs
> appear to be blackholed going to certain third-party auth 
> servers, either intentionally or unintentionally.  Our
> workaround while we sort through these issues is implementing 
> forwarders.
> I’d like to understand how much traffic is flowing to each 
> forwarder (QPS, etc) and monitor that for any issues.  Is
> there a way to do that effectively in Bind without putting some 
> kind of network device on the outbound path to
> measure it?  If not, does anyone have any suggestions?

I've done a webinar this week for ISC on the topic of 
"Instrumenting BIND 9
on Linux with BCC/eBPF". In this webinar, I've used logging of 
decisions as one example to instrument BIND 9 with eBPF. The 
script I've presented might work as a starting point to create 
BIND 9 logging for forwarding operations, which does not slow down 
the operation of
the BIND 9 server itself.

A recording of the webinar is available at



More information about the bind-users mailing list