Maintained by: NLnet Labs

[Unbound-users] Feature request - detailed statistics about unbound

Wouter Wijngaards
Tue Sep 16 10:49:37 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Stephane, Beastie,

I am making a compromise.  More statistics, but not the amount nor
detail that a dedicated package like DSC provides.  Without webpages
with pretty graphs and data selection user interface; that does not
belong inside the nameserver.  More similar to the BIND8_STATS in NSD
than the DSC package.

As config option 'extended-statictics'; default turned off (because of
speed).

I think:
types of queries, answer error codes, validation status, and also
spoof-nearmiss-counter (a plain unwanted traffic counter).

$ unbound-control stats
thread0.num.queries: 1234
thread0.requestlist.exceeded: 0
thread1.num.queries: 1345
thread1.requestlist.exceeded: 1
total.num.queries: 12345
total.requestlist.exceeded: 1
num.query.type.AAAA: 12
num.answer.secure: 123
num.answer.bogus: 23
unwanted.replies: 200000

It does not examine the query names, server names, or addresses, as that
creates a lot of extra code (and Stephane, I hear you, that is a problem).

Is this format easy to use as input for rrdtool, cacti, munin, ... ?
I could also print out:
unwanted_replies=200000

Best regards,
   Wouter

Stephane Bortzmeyer wrote:
> On Fri, Sep 12, 2008 at 04:18:02PM +0300,
>  Beastie <beastie24 at gmail.com> wrote 
>  a message of 22 lines which said:
> 
>> It would be very useful to have the ability to see additional
>> information insight of the unbound statistics reports.
> 
> My personal opinion: no.
> 
>> In general it would be grate to have separate tool/command that will
>> produces this kind of statistics.
> 
> A name server is already complicated enough and I no longer think it
> is a good idea to complicate it further with statistics, specially
> because of the security problems that may arise. Keep the code small
> and clean, please.
> 
> Statistics are, in my opinion, best handled with completely separate
> programs which sniff the requests and the responses. I recommend DSC
> <https://www.dns-oarc.net/oarc/src/dsc>
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjPcyEACgkQkDLqNwOhpPjLdgCeJEDG2BjgkE6usVT+Wiq0xiPN
NtkAniJrZOJ+BlU/s9QWhOkxVSNXtSGC
=765M
-----END PGP SIGNATURE-----