[dns-operations] All requests are logged by BIND?
Liu Mingxing
lmxhappy at gmail.com
Fri Jan 25 19:53:17 UTC 2013
Ok, next time I will post questions to bind-users at isc.org.
Yes, BIND maybe consilidate answers just like you said when receiving large amount of requests for the same records.
I will capture inbound and outbound traffic and compare it to querylog.
Thanks.
Liu Mingxing
From: Doug Barton
Date: 2013-01-26 03:15
To: dns-operations
Subject: Re: [dns-operations] All requests are logged by BIND?
On 01/25/2013 01:11 PM, Liu Mingxing wrote:
> All requests are logged by BIND?
> By a rrdtool, I found that DNS traffic of router before an authoritative
> nameserver is larger than those seen from querylog. For example, cacti
> tells us qps is 2k while querylog shows a smaller qps.
> Is it just because BIND could not records all requests when
> large traffic of queries come to it?
FYI, this question would be better on bind-users at isc.org, but it's
arguably on-topic here, so ...
What is likely happening is that you are receiving a percentage of
repeat requests from the same remote servers for the same records. BIND
is fairly intelligent about consolidating the answers to such requests.
I'm not sure if that would affect the logging in the way you describe,
but I imagine it probably does.
The way that you can determine this for sure would be to actually
capture the packets going in and out, and compare number of identical
questions to the number of answers.
hope this helps,
Doug
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130126/e7dc2ddb/attachment.html>
More information about the dns-operations
mailing list