named.stats(4)
NAME
named.stats - Contains BIND server statistics
DESCRIPTION
The named.stats file contains server statistics for queries to and from
hosts in a BIND environment. You can use this data to determine the
load on a DNS server and diagnose problems.
See the named(8) reference page for information about how to specify
the name and location of the named.stats file; the default is
/var/tmp/named.stats.
The query fields for global and per-node statistics, as specified in
the LEGEND section of the named.stats file, are defined as follows:
RR      Received a response from a node
RNXD    Received a negative response from a node
RFwdR   Received a response from a node that this node had to forward
RDupR   Received an extra answer from a node
RFail   Received a server failed message (SERVFAIL) from a node
RFErr   Received a format error message (FORMERR) from a node
RErr    Received some other error from a node
RAXFR   Received a zone transfer request message (AXFR) from a node
RLame   Received a lame delegation from a node
ROpts   Received some IP options from a node
SSysQ   Sent a node a system query
SAns    Sent a node an answer
SFwdQ   Forwarded a query to a node
SDupQ   Sent a node a retry
SErr    Sent to a node, but the send failed (in sendto)
RQ      Received a query from a node
RIQ     Received an inverse query from a node
RFwdQ   Received a query from a node that this node had to forward
RDupQ   Received a retry from a node
RTCP    Received a query using TCP from a node
SFwdR   Forwarded a response to a node
SFail   Sent a node a server failed message (SERVFAIL)
SFErr   Sent a node a format error message (FORMERR)
SNaAns  Sent a non-authoritative answer to a node
SNXD    Sent a negative response to a node
EXAMPLES
The following example is an excerpt of a named.stats file:
    +++ Statistics Dump +++ (917839766) Sun Jan 31 22:29:26 1999
    370508  time since boot (secs)
    370508  time since reset (secs)
    130     Unknown query types
    711033  A queries
    35      NS queries
    37      CNAME queries
    40      SOA queries
    2       MB queries
    198963  PTR queries
    26088   MX queries
    1       TXT queries
    20      AAAA queries
    60910   ANY queries
    ++ Name Server Statistics ++
    (Legend)
            RR      RNXD    RFwdR   RDupR   RFail
            RFErr   RErr    RAXFR   RLame   ROpts
            SSysQ   SAns    SFwdQ   SDupQ   SErr
            RQ      RIQ     RFwdQ   RDupQ   RTCP
            SFwdR   SFail   SFErr   SNaAns  SNXD
    (Global)
            537 231 479 0 2  10 0 0 5 0  54 56382 479 8 2  38849 3 0 0 6  479 2 5 19057 1285
    [0.0.0.0]
            0 0 2 0 0  0 0 0 0 0  0 0 0 4 0  0 0 0 0 0  23 1 0 0 0
    [4.0.38.18]
            0 0 0 0 0  0 0 0 0 0  0 2 0 0 0  2 0 0 0 0  0 0 0 0 0
    [4.0.147.94]
            0 0 0 0 0  0 0 0 0 0  0 1 0 0 0  1 0 0 0 0  0 0 0 0 0
    . . .
The values in each entry below the (Global) delimiter are separated
into five groups, each with five numbers. These groups of numbers
correlate to the fields in the Legend section of the file, which are
separated into similar groups.
From the left of an entry, the first field is RR, the next is RNXD, and
so on. In the next group of five on the same line, the first field is
RFErr, the next is RErr, and so on.
In the Global entry, you can see that, in total, there were 537 queries
received, 231 negative responses received, 479 queries that were
forwarded to other BIND servers, and so on. Subsequent entries can be
interpreted in a similar manner.
The Global values in this example are indicative of several problems:
RFail = 2
    The server received 2 failure messages from a node or nodes.
    There might be a problem with the nodes that attempted to query
    the server. Find the IP addresses of the nodes and contact the
    administrators.
RFErr = 10
    The server received 10 improperly formatted queries from a node
    or nodes. If this happens consistently, a hacker might be trying
    to break into the server. You should run a monitoring tool to
    collect more data.
RLame = 5
    The server received 5 lame delegations. This problem occurs if
    nodes query the server for information regarding a zone for
    which it has no authority. It is usually a temporary condition,
    but if the problem persists, contact the nodes' administrators
    and ask them to check their configurations.
RDupR = 8
    A node or nodes sent multiple copies of the same query to the
    server. These errors are usually benign, but nodes should give
    up after 3 attempts. If the number of duplicates is fairly
    high, there might be a problem with the nodes or the network.
SErr = 2
    The server attempted to send 2 queries to a forwarder or
    forwarders by using the sendto system call, and the attempts
    failed. Check your configuration and make sure that all of the
    forwarders you listed are reachable.
RIQ = 3
    The server received 3 inverse queries. These queries are
    usually benign, but if the value is fairly high, a hacker might
    be trying to break into the server. You should run a monitoring
    tool to collect more data.
SFail = 2
    The server sent 2 failure messages to a node or nodes. These
    failures are usually benign, but might not be under certain
    conditions. If the server sends many SFail errors to one node,
    there might be a problem with that node. If the node is another
    nameserver, it might be a lame nameserver. If the node is a host,
    it is sending abnormal queries. You should find the offending
    node and resolve the problem.
SFErr = 5
    The server informed a node or nodes that their requests were
    improperly formatted. The value of this field usually
    correlates to the RFErr field. You should find the offending node
    and resolve the problem.
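One way to script the triage described above, as an added example that is not part of the original reference page: it reads the name server section token by token, maps each 25-value entry onto the Legend, and lists the entries with non-zero counts in the fields discussed above. The function names and the per-node rows (192.0.2.x addresses) are constructed for illustration; only the (Global) row comes from the excerpt.

```python
import re

# Fields the page singles out as worth investigating when non-zero.
WATCH = ("RFail", "RFErr", "RLame", "RDupR", "SErr", "RIQ", "SFail", "SFErr")

# Constructed sample: the (Global) row is the one from the excerpt above;
# the per-node rows and their 192.0.2.x addresses are made up for illustration.
SAMPLE = """\
(Legend)
    RR RNXD RFwdR RDupR RFail
    RFErr RErr RAXFR RLame ROpts
    SSysQ SAns SFwdQ SDupQ SErr
    RQ RIQ RFwdQ RDupQ RTCP
    SFwdR SFail SFErr SNaAns SNXD
(Global)
    537 231 479 0 2  10 0 0 5 0  54 56382 479 8 2  38849 3 0 0 6  479 2 5 19057 1285
[192.0.2.10]
    0 0 0 0 0  9 0 0 0 0  0 40 0 0 0  49 3 0 0 0  0 0 5 0 0
[192.0.2.20]
    0 0 0 0 0  0 0 0 0 0  0 2 0 0 0  2 0 0 0 0  0 0 0 0 0
"""

def parse_stats(text):
    """Return {entry label: {field: count}} from the name server section."""
    tokens = text[text.index("(Legend)"):].split()
    legend, entries, label = [], {}, None
    for tok in tokens[1:]:
        if tok == "(Global)" or re.fullmatch(r"\[[0-9a-fA-F.:]+\]", tok):
            label = tok.strip("()[]")      # start of a new entry
            entries[label] = []
        elif label is None:
            legend.append(tok)             # still inside the legend
        elif tok.isdigit():
            entries[label].append(int(tok))
    for name, values in entries.items():
        if len(values) != len(legend):     # truncated or wrapped dump
            raise ValueError(f"{name}: {len(values)} values, {len(legend)} fields")
    return {name: dict(zip(legend, values)) for name, values in entries.items()}

def flagged(stats):
    """Non-zero watch fields per entry: Global first, then nodes by total."""
    hits = {n: {f: c[f] for f in WATCH if c.get(f)} for n, c in stats.items()}
    nodes = sorted((n for n in hits if n != "Global" and hits[n]),
                   key=lambda n: -sum(hits[n].values()))
    return [(n, hits[n]) for n in [x for x in hits if x == "Global"] + nodes]

if __name__ == "__main__":
    for name, fields in flagged(parse_stats(SAMPLE)):
        print(name, fields)
```

To run it against a live dump, pass the contents of the named.stats file to parse_stats() in place of SAMPLE.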
FILES
The syslogd daemon offers a partial listing of the named.stats data in
the daemon.log file.
SEE ALSO
Commands: named(8), syslogd(8)