 |
Index for
Section 4 |
|
 |
Alphabetical
listing for N |
|
 |
Bottom of
page |
|
named.stats(4)
NAME
named.stats - Contains BIND server statistics
DESCRIPTION
The named.stats file contains server statistics for queries to and from
hosts in a BIND environment. You can use this data to determine the load
on a DNS server and diagnose problems.
See the named(8) reference page for information about how to specify the
name and location of the named.stats file; the default is
/var/tmp/named.stats.
The query fields for global and per-node statistics, as specified in the
LEGEND section of the named.stats file, are defined as follows:
RR Received a response from a node
RNXD
Received a negative response from a node
RFwdR
Received a response from a node that this node had to forward
RDupR
Received an extra answer from a node
RFail
Received a server failed message (SERVFAIL) from a node
RFErr
Received a format error message (FORMERR) from a node
RErr
Received some other error from a node
RAXFR
Received an zone transfer request message (AXFR) from a node
RLame
Received a lame delegation from a node
ROpts
Received some IP options from a node
SSysQ
Sent a node a system query
SAns
Sent a node an answer
SFwdQ
Forwarded a query to a node
SDupQ
Sent a node a retry
SErr
Sent to a node, but the send failed (in sendto)
RQ Received a query from a node
RIQ Received an inverse query from a node
RFwdQ
Received a query from a node that this node had to forward
RDupQ
Received a retry from a node
RTCP
Received a query using TCP from a node
SFwdR
Forwarded a response to a node
SFail
Sent a node a server failed message (SERVFAIL)
SFErr
Sent a node a format error message (FORMERR)
SNaAns
Sent a non-authoritative answer to a node
SNXD
Sent a negative response to a node
EXAMPLES
The following example is an excerpt of a named.stats file:
+++ Statistics Dump +++ (917839766) Sun Jan 31 22:29:26 1999
370508 time since boot (secs)
370508 time since reset (secs)
130 Unknown query types
711033 A queries
35 NS queries
37 CNAME queries
40 SOA queries
2 MB queries
198963 PTR queries
26088 MX queries
1 TXT queries
20 AAAA queries
60910 ANY queries
++ Name Server Statistics ++
(Legend)
RR RNXD RFwdR RDupR RFail
RFErr RErr RAXFR RLame ROpts
SSysQ SAns SFwdQ SDupQ SErr
RQ RIQ RFwdQ RDupQ RTCP
SFwdR SFail SFErr SNaAns SNXD
(Global)
537 231 479 0 2 10 0 0 5 0 54 56382 479 8 2 38849 3 0 0 6 479 2 5
19057 1285
[0.0.0.0]
0 0 2 0 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 23 1 0 0 0
[4.0.38.18]
0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 0 0
[4.0.147.94]
0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0
.
.
.
The values in each entry below the (Global) delimeter are separated into
five groups, each with five numbers. These groups of numbers correlate to
the fields in the Legend section of the file, which are separated into
similar groups.
From the left of an entry, the first field is RR, the next is RNXD, and so
on. In the next group of five on the same line, the first field is RFErr,
the next is RErr, and so on.
In the Global entry, you can see that, in total, there were 537 queries
received, 231 negatives responses received, 479 queries that were forwarded
to other BIND servers, and so on. Subsequent entries can be interpreted in
a similar manner.
The Global values in this example are indicative of several problems:
· RFail = 2
The server received 2 failure messages from a node or nodes. There
might be a problem with the nodes that attempted to query the server.
Find the IP addresses of the nodes and contact the administrators.
· RFErr = 10
The server received 10 improperly formatted queries from a node or
nodes. If this happens consistently, a hacker might be trying to
break into the server. You should run a monitoring tool to collect
more data.
· RLame = 5
The server received 5 lame delegations. This problem occurs if nodes
query the server for information regarding a zone for which it has no
authority. It is usually a temporary condition, but if the problem
persists, contact the nodes' administrators and ask them to check
their configurations.
· RDupR = 8
A node or nodes sent multiple copies of the same query to the server.
These errors are usually benign, but nodes should give up after 3
attempts. If the number of duplicates is fairly high, there might be
a problem with the nodes or the network.
· SErr = 2
The server attempted to send 2 queries to a forwarder or forwarders by
using the sendto system call, and the attempts failed. Check your
configuration and make sure that all of the forwarders you listed are
reachable.
· RIQ = 3
The server received 3 inverse queries. These queries are usually
benign, but if the value is fairly high, a hacker might be trying to
break into the server. You should run a monitoring tool to collect
more data.
· SFail = 2
The server sent 2 failure messages to a node or nodes. These failures
are usually benign, but might not be under certain conditions. If the
server sends many SFail errors to one node, there might be a problem
with that node. If the node is another nameserver, it might be lame
nameserver. If the node is a host, it is sending abnormal queries.
You should find the offending node and resolve the problem.
· SFerr = 5
The server informed a node or nodes that their requests were
improperly formatted. The value of this field usually correlates to
the RFErr field. You should find the offending node and resolve the
problem.
FILES
daemon.log
The syslogd daemon offers a partial listing of the named.stats data in
the daemon.log file.
SEE ALSO
Commands: named(8), syslogd(8)
|
Index for
Section 4 |
|
|
Alphabetical
listing for N |
|
 |
Top of
page |
|