sampled query logs?
Paul Vixie
Paul_Vixie at isc.org
Wed Jun 11 04:43:54 UTC 2008
comments on the utility of such a feature, anybody?
re:
Date: Tue, 10 Jun 2008 23:13:14 -0500
From: John Kristoff <jtk at ultradns.net>
On Tue, 10 Jun 2008 16:36:22 +0000, Paul Vixie <paul at vix.com> wrote:
> i really like dnscap. DW or i could add sampling to that for you, and
> it could be used as a developmental foundation for "dnsflow". and the
> result would be dns implementation independent. what's not to like?
That's all well and good, but I think some people might like query log
sampling in their BIND resolver. This seems to work so I guess people
could just apply a hacky patch like this if they were so inclined, but
a standard config option supported by ISC with this as a feature would
still be nice IMHO:
$ diff -u bind-9.5.0/bin/named/query.c bind-9.5.0-jtk/bin/named/query.c
--- bind-9.5.0/bin/named/query.c
+++ bind-9.5.0-jtk/bin/named/query.c
@@ -58,6 +58,9 @@
#include <named/sortlist.h>
#include <named/xfrout.h>
+#define SAMPLE_RATE 1000
+unsigned int qcount = 0;
+
/*% Partial answer? */
#define PARTIALANSWER(c) (((c)->query.attributes & \
NS_QUERYATTR_PARTIALANSWER) != 0)
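Review bot: qcount in the added lines is declared at file scope without "static" and as a plain unsigned int, so it becomes an exported global symbol, and when named is built with threads every worker updates it without synchronization. Make it static, and either protect the update or document that the count is only approximate. SAMPLE_RATE also needs a comment saying that it means "log one query in every SAMPLE_RATE"; as the modulo test later in the patch is written, a value of 1 restores full logging and a value of 0 would divide by zero.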
@@ -4545,7 +4548,8 @@
return;
}
- if (ns_g_server->log_queries)
+ qcount++;
+ if (ns_g_server->log_queries && qcount % SAMPLE_RATE == 0)
log_query(client, saved_flags, saved_extflags);
/*
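Review bot: qcount++ sits outside the ns_g_server->log_queries test, so the counter advances on every query even when query logging is off, and which query is logged first after logging is enabled depends on traffic seen before that point. Move the increment inside the log_queries branch. The sampled log_query() output also carries no indication of the rate, so someone counting log lines or reading the log during an investigation cannot tell a 1-in-SAMPLE_RATE sample from a full log; recording the rate in the log when sampling is active would cover that. A fixed every-Nth counter is also predictable and can alias with periodic query patterns, so a per-query random draw is worth considering instead of the modulo.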
John