| 
        named.stats - Contains BIND server statistics
        The   named.stats  file  contains  server  statistics  for
       queries to and from hosts in a BIND environment.  You  can
       use  this  data  to determine the load on a DNS server and
       diagnose problems.
       See the named(8) reference page for information about  how
       to  specify the name and location of the named.stats file;
       the default is /var/tmp/named.stats.
       The query fields for global and  per-node  statistics,  as
       specified  in  the LEGEND section of the named.stats file,
       are defined as follows: Received a response  from  a  node
       Received  a  negative  response  from  a  node  Received a
       response from  a  node  that  this  node  had  to  forward
       Received  an  extra  answer  from a node Received a server
       failed message (SERVFAIL) from a node  Received  a  format
       error  message  (FORMERR)  from a node Received some other
       error from a node Received an zone transfer  request  message
  (AXFR) from a node Received a lame delegation from a
       node Received some IP options from a node Sent  a  node  a
       system  query Sent a node an answer Forwarded a query to a
       node Sent a node a retry Sent to  a  node,  but  the  send
       failed  (in  sendto) Received a query from a node Received
       an inverse query from a node Received a query from a  node
       that this node had to forward Received a retry from a node
       Received a  query  using  TCP  from  a  node  Forwarded  a
       response  to  a  node  Sent a node a server failed message
       (SERVFAIL) Sent a node a format  error  message  (FORMERR)
       Sent  a non-authoritative answer to a node Sent a negative
       response to a node
       The following example is an excerpt of a named.stats file:
       +++  Statistics  Dump  +++ (917839766) Sun Jan 31 22:29:26
       1999 370508  time since boot  (secs)  370508   time  since
       reset (secs) 130     Unknown query types 711033  A queries
       35      NS  queries  37       CNAME  queries  40       SOA
       queries  2       MB queries 198963  PTR queries 26088   MX
       queries 1       TXT queries  20       AAAA  queries  60910
       ANY queries ++ Name Server Statistics ++ (Legend)
               RR      RNXD    RFwdR   RDupR   RFail
               RFErr   RErr    RAXFR   RLame   ROpts
               SSysQ   SAns    SFwdQ   SDupQ   SErr
               RQ      RIQ     RFwdQ   RDupQ   RTCP
               SFwdR   SFail   SFErr   SNaAns  SNXD (Global)
               537  231  479  0  2   10 0 0 5 0  54 56382 479 8 2
       38849 3 0 0 6  479 2 5 19057 1285 [0.0.0.0]
               0 0 2 0 0  0 0 0 0 0  0 0 0 4 0  0 0 0 0 0  23 1 0
       0 0 [4.0.38.18]
               0  0 0 0 0  0 0 0 0 0  0 2 0 0 0  2 0 0 0 0  0 0 0
       0 0 [4.0.147.94]
               0 0 0 0 0  0 0 0 0 0  0 1 0 0 0  1 0 0 0 0  0 0  0
       0 0 .  .  .
       The  values in each entry below the (Global) delimeter are
       separated into five groups, each with five numbers.  These
       groups  of  numbers  correlate to the fields in the Legend
       section of the file,  which  are  separated  into  similar
       groups.
       From the left of an entry, the first field is RR, the next
       is RNXD, and so on.  In the next group of five on the same
       line,  the  first field is RFErr, the next is RErr, and so
       on.
       In the Global entry, you can see  that,  in  total,  there
       were   537   queries  received,  231  negatives  responses
       received, 479 queries that were forwarded  to  other  BIND
       servers, and so on.  Subsequent entries can be interpreted
       in a similar manner.
       The Global values in this example are indicative  of  several
 problems: RFail = 2
              The  server received 2 failure messages from a node
              or nodes.  There might be a problem with the  nodes
              that  attempted  to  query the server.  Find the IP
              addresses of the nodes and contact the  administrators.
  RFErr = 10
              The server received 10 improperly formatted queries
              from a node or  nodes.   If  this  happens  consistently,
  a hacker might be trying to break into the
              server.  You should run a monitoring tool  to  collect
 more data.  RLame = 5
              The server received 5 lame delegations.  This problem
 occurs if nodes query the server  for  information
  regarding  a zone for which it has no authority.
  It is usually a temporary condition,  but  if
              the  problem  persists, contact the nodes' administrators
 and ask them to check their configurations.
              RDupR = 8
              A  node  or  nodes sent multiple copies of the same
              query to the  server.   These  errors  are  usually
              benign,  but nodes should give up after 3 attempts.
              If the number of duplicates is fairly  high,  there
              might  be  a problem with the nodes or the network.
              SErr = 2
              The server attempted to send 2 queries  to  a  forwarder
  or  forwarders  by  using the sendto system
              call, and the attempts failed.  Check your configuration
 and make sure that all of the forwarders you
              listed are reachable.  RIQ = 3
              The  server  received  3  inverse  queries.   These
              queries  are  usually  benign,  but if the value is
              fairly high, a hacker might be trying to break into
              the  server.   You  should run a monitoring tool to
              collect more data.  SFail = 2
              The server sent 2 failure messages  to  a  node  or
              nodes.   These  failures  are  usually  benign, but
              might not be  under  certain  conditions.   If  the
              server  sends  many SFail errors to one node, there
              might be a problem with that node.  If the node  is
              another  nameserver,  it  might be lame nameserver.
              If the node is  a  host,  it  is  sending  abnormal
              queries.  You  should  find  the offending node and
              resolve the problem.  SFerr = 5
              The server informed a  node  or  nodes  that  their
              requests  were  improperly formatted.  The value of
              this field usually correlates to the  RFErr  field.
              You  should find the offending node and resolve the
              problem.
       The  syslogd  daemon  offers  a  partial  listing  of  the
       named.stats data in the daemon.log file.
       Commands: named(8), syslogd(8)
                                                   named.stats(4)
[ Back ] |