Home / server / Questions / 496426
Accepted
Peter
Asked: 2013-04-06 03:08:04 +0800 CST

Get Recusrive Queries Stats from BIND 9.3 logs

  • 772

I need to create a report with the top 30 domains that are requested from our Recursive DNS servers. The report must be in the following format:

Domain Number of Requests

For example:

Google.com; 98556
yahoo.com; 45585

etc

I know that BIND 9.3 offers no such functionality, so, do you know any script that could be run on a let's say daily basis and gather that information?

My plan it to create an RRD DB with that information in a later state.

bind

1 Answers

  1. Best Answer

    If you enable querylog in Bind9, it will log all queries made to your server, which you can then parse for the recursive flag, then order. You could use many tools for that, pick your own poison.

    Given entries like this:

    02-Mar-2013 10:50:08.899 queries: info: client 111.22.33.44#53: Query: fully.qualified.domain.name IN A -E
    02-Mar-2013 10:50:08.900 queries: info: client 111.22.33.44#53: Query: fully.qualified.domain.name IN A6 -E

    The fields are such:

    The date and time the query was received; the source IP address and port number used by the client; and the name, class and qtype. The final field shows if the query had the rd (recursion desired) bit set (+) or not (-) -- typically showing if the query came from a name server or stub resolver -- or if EDNS0 (E) was used.

    • -1