How to check the running status of the DNS server in Linux

How to check the running status of the Linux System DNS server-Linux Enterprise Application-Linux server application information. In Linux, it also provides a popular BIND server, which is the most commonly used server software for building DNS servers. There are many articles about BIND installation. Now let's talk about the maintenance topic. How can we understand the running status of the DNS server? Is it busy and load-intensive? All this is important for system administrators.

To learn about the running status of the DNS server, you can view the log files generated by the DNS server during running.

BIND 8 provides some means to control the log system. However, the logs generated by the default status are enough to understand the current running status of the DNS server.

By default, BIND generates logs through syslog and stores them in the/var/log/message file. Note: The following four files are involved:

/Var/log/message.1

/Var/log/message.2

/Var/log/message.3

/Var/log/message.4

In fact, logs are stored in five files to prevent files from being too large. When the message file is large enough, it becomes message.1, and the original message.1 becomes message.2 ......, The content of message.4 disappears.

Because the log information in this file is generated by syslog, it is not all about BIND log information. Run the following command to select all BIND logs:

More/var/log/message | grep named>/tmp/named. log

Note: The process name of the BIND server is named.

In this way, BIND-related log information in/var/log/message will be written into the/tmp/named. log file. There are two main types of logs: LOG_NOTICE and LOG_INFO.

1. LOG_NOTICE-level logs

1. Each time the BIND server named is started, the following LOG_NOTICE-level log information is generated:

Nov 28 10:37:45 www named [10134]: starting. named 8.2.2-P3

Where:

Nov 28 10:37:45 indicates the server startup time

Www display the name of the machine where the DNS server is located

Named [10134]: displays the DNS server process name and process ID.

Starting. the DNS server is being started.

Named 8.2.2-p3 displays the BIND Software Version

2. When an HUP signal is sent to the DNS server to restart the DNS server, the following LOG_NOTICE-level log information is generated:

Nov 28 10:37:45 www named [10134]: reloading nameserver

Where:

Nov 28 10:37:45 indicates the restart time of the server

Www display the name of the machine where the DNS server is located

Named [10134]: displays the DNS server process name and process ID.

Reloading. indicates that the DNS server is being restarted.

Nameserver displays the name of the server being restarted

2. LOG_INFO-level logs

When the DNS server is running, a set of LOG_INFO-level logs are generated every one hour to report the running status of the DNS server:

Dec 26 10:23:52 www named [1033]: Cleaned cache of 26 RRset

Dec 26 10:23:52 www named [1033]: USAGE 977797432 976760631 CPU = 6.55u/6.24 s child cpu = 0u/0 s

Dec 26 10:23:52 www named [1033]: NSTATS 977797432 976760631 0 = 2 A = 13192

CNAME = 321 PTR = 11204 MX = 1173 TXT = 4 AAAA = 32 ANY = 4956

Dec 26 10:23:52 www named [1033]: XSTATS 977797432 976760631 RR = 7629 RNXD = 1368

RFwdR = 4836 RDupR = 51 RFail = 159 RFErr = 0 RErr = 12 RAXFR = 0 RLame = 175 ROpts = 0

SSysQ = 2082 SAns = 26234 SFwdQ = 4520 SDupQ = 1263 SErr = 0 RQ = 30889 RIQ = 4 RFwdQ = 0

RDupQ = 259 RTCP = 2 SFwdR = 4836 SFail = 6 SFErr = 0 snans = 21753 SNXD = 10276

Next we will explain it one by one:

1. Dec 26 10:23:52 www named [1033]: Cleaned cache of 26 RRset

This is the first line of each set of log information, indicating that the Cache is being cleared.

Where:

Dec 26 10:23:52 indicates the log generation time

Www display the name of the machine where the DNS server is located

Named [1033]: displays the DNS server process name and process ID.

Cleaned cache of 26 RRset indicates that the cache is being cleared

2. Dec 26 10:23:52 www named [1033]: USAGE 977797432 976760631 CPU = 6.55u

/6.24 s child cpu = 0u/0 s

This row is the USAGE line used to count the CPU time occupied by the DNS server.

Where:

Dec 26 10:23:52 indicates the log generation time

Www display the name of the machine where the DNS server is located

Named [1033]: displays the DNS server process name and process ID.

USAGE row mark

The value of 977797432 976760631 977797432-976760631 is the total number of seconds that the DNS server runs.

CPU = 6.55u/6.24 s indicates that the DNS server uses the user State for 6.55 seconds, and the system state for 6.24 seconds (u indicates the user,

S stands for system ),

The child cpu represents the CPU usage of the DNS server sub-process.

3. Dec 26 10:23:52 www named [1033]: NSTATS 977797432 976760631 0 = 2 A = 13192

CNAME = 321 PTR = 11204 MX = 1173 TXT = 4 AAAA = 32 ANY = 4956

This row is an NSTATS row used to count the total number of received queries.

Where:

Dec 26 10:23:52 indicates the log generation time

Www display the name of the machine where the DNS server is located

Named [1033]: displays the DNS server process name and process ID.

NSTATS row mark

The value of 977797432 976760631 977797432-976760631 is the total number of seconds that the DNS server runs.

0 = 2 represents two DNS queries of unknown type

A = 13192 represents 13192 Class A address queries (the most standard)

CNAME = 321 indicates that 321 CNAME class addresses are queried. (generally, some versions of sendmail use the CNAME program.

The canonicalized email address is also sent by dig or nslookup)

PTR = 11204 indicates that the pointer queries 11204 (many software uses this method to find IP addresses)

MX = 1173 indicates 1173 email exchanges (initiated by the email sending Program)

TXT = 4 indicates that the application performs a total of 4 text queries.

AAAA = 32 indicates 32 AAAA queries

ANY = 4956 some Sendmail Address query methods, a total of 4956

Note: There may also be:

NS = xx indicates the Name Server Query (for example, the name server tries to find the root domain server)

SOA = xx indicates secondary DNS update

HINFO = xx host Information Query

NSAP = xx maps the domain name to the OSI Network Service Access Point address

AXFR = xx secondary DNS zone transfer

These do not appear in this example.

4. Dec 26 10:23:52 www named [1033]: XSTATS 977797432 976760631 RR = 7629 RNXD = 1368

RFwdR = 4836 RDupR = 51 RFail = 159 RFErr = 0 RErr = 12 RAXFR = 0 RLame = 175 ROpts = 0 SSysQ = 2082

SAns = 26234 SFwdQ = 4520 SDupQ = 1263 SErr = 0 RQ = 30889 RIQ = 4 RFwdQ = 0

RDupQ = 259 RTCP = 2

SFwdR = 4836 SFail = 6 SFErr = 0 snans = 21753 SNXD = 10276

This is an XSTATS row used to count other data.

Where:

Dec 26 10:23:52 indicates the log generation time

Www display the name of the machine where the DNS server is located

Named [1033]: displays the DNS server process name and process ID.

NSTATS row mark

The value of 977797432 976760631 977797432-976760631 is the total number of seconds that the DNS server runs.

RR = 7629 indicates that a total of 7629 responses are received from other hosts (the number of responses obtained from queries sent by DNS to other machines or processes is irrelevant to RQ)

RNXD = 1368 indicates that a total of 1368 answers were received "No such domain ".

RFwdR = 108 receive 108 responses to the original query

RDupR = 51 repeated responses: 51 (when the DNS does not find the original query that caused the response in its pending query list, the response is a repeated response)

RFail = 159 received 159 SERVFAIL (Remote Server Error)

RFErr = 0 didn't receive FORMERR (the remote name server considers that the query of the local name server has a format error)

Rerr = 12 receive 12 errors except SERVFAIL and FORMERR

RAXFR = 0 0 total 0 transfers

RLame = 175 receive 175 bad authorizations (meaning some zones are authorized to other name servers, and this name server is not the authority of this zone)

ROpts = 0 total number of packets with IP option received is 0

SSysQ = 2082 a total of 2082 system queries were issued (system queries are performed by the local name server. Mostly for root name servers)

SAns = 26234 answered a total of 26234 queries

SFwdQ = 4520 is not on this name server, but there are a total of 4520 forwarding entries.

SDupQ = 1263 repeated queries: 1263

SErr = 0 Total Number of non-SERVFAIL and FORMERR errors

RQ = 30889 a total of 30889 queries are received

RIQ = 4 received four reverse queries (reverse query is used to map the address to the name, and now this function is implemented by PTR. Earlier nslookup uses this query)

RFwdQ = 0 no query to be further processed

RDupQ = 259 a total of 259 duplicate queries

RTCP = 2 receive two queries over TCP connections (generally UDP)

SFwdR = 4836 responses forwarded by other name servers: 4836

SFail = 6 6 SERVFAIL responses

SFErr = 0 Number of FORMERR responses

Snail ans = 21753 unauthoritative answers totaling 21753

SNXD = 10276: no answer for this domain

These statistics are the total statistics from the DNS activation to the present, rather than the statistics in this hour. How does one measure the load on a DNS server? It's easy to simply divide the total number of queries by the total time of DNS running. Don't you know? In this example, the DNS server is running: 977797432-976760631 = 1036801 seconds = 288 hours

Note: You can obtain data from lines 2nd, 3, and 4.

Total query requests include: 2 + 13192 + 321 + 11204 + 1173 + 4 + 32 + 4956 = 20884

Note: You can obtain the number of rows from 2nd, that is, 107 query requests per hour, less than two times per second. It can be seen that the load is still relatively small.