[dns-operations] All requests are logged by BIND?
Doug Barton
dougb at dougbarton.us
Fri Jan 25 19:15:32 UTC 2013
On 01/25/2013 01:11 PM, Liu Mingxing wrote:
> All requests are logged by BIND?
> By a rrdtool, I found that DNS traffic of router before an authoritative
> nameserver is larger than those seen from querylog. For example, cacti
> tells us qps is 2k while querylog shows a smaller qps.
> Is it just because BIND could not records all requests when
> large traffic of queries come to it?
FYI, this question would be better on bind-users at isc.org, but it's
arguably on-topic here, so ...
What is likely happening is that you are receiving a percentage of
repeat requests from the same remote servers for the same records. BIND
is fairly intelligent about consolidating the answers to such requests.
I'm not sure if that would affect the logging in the way you describe,
but I imagine it probably does.
The way that you can determine this for sure would be to actually
capture the packets going in and out, and compare number of identical
questions to the number of answers.
hope this helps,
Doug
More information about the dns-operations
mailing list