Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Apropos / Subsearch:
optional field

named.stats(4)						       named.stats(4)


  named.stats -	Contains BIND server statistics


  The named.stats file contains	server statistics for queries to and from
  hosts	in a BIND environment.	You can	use this data to determine the load
  on a DNS server and diagnose problems.

  See the named(8) reference page for information about	how to specify the
  name and location of the named.stats file; the default is

  The query fields for global and per-node statistics, as specified in the
  LEGEND section of the	named.stats file, are defined as follows:

  RR	    Received a response	from a node

  RNXD	    Received a negative	response from a	node

  RFwdR	    Received a response	from a node that this node had to forward

  RDupR	    Received an	extra answer from a node

  RFail	    Received a server failed message (SERVFAIL)	from a node

  RFErr	    Received a format error message (FORMERR) from a node

  RErr	    Received some other	error from a node

  RAXFR	    Received an	zone transfer request message (AXFR) from a node

  RLame	    Received a lame delegation from a node

  ROpts	    Received some IP options from a node

  SSysQ	    Sent a node	a system query

  SAns	    Sent a node	an answer

  SFwdQ	    Forwarded a	query to a node

  SDupQ	    Sent a node	a retry

  SErr	    Sent to a node, but	the send failed	(in sendto)

  RQ	    Received a query from a node

  RIQ	    Received an	inverse	query from a node

  RFwdQ	    Received a query from a node that this node	had to forward

  RDupQ	    Received a retry from a node

  RTCP	    Received a query using TCP from a node

  SFwdR	    Forwarded a	response to a node

  SFail	    Sent a node	a server failed	message	(SERVFAIL)

  SFErr	    Sent a node	a format error message (FORMERR)

  SNaAns    Sent a non-authoritative answer to a node

  SNXD	    Sent a negative response to	a node


  The following	example	is an excerpt of a named.stats file:

       +++ Statistics Dump +++ (917839766) Sun Jan 31 22:29:26 1999
       370508  time since boot (secs)
       370508  time since reset	(secs)
       130     Unknown query types
       711033  A queries
       35      NS queries
       37      CNAME queries
       40      SOA queries
       2       MB queries
       198963  PTR queries
       26088   MX queries
       1       TXT queries
       20      AAAA queries
       60910   ANY queries
       ++ Name Server Statistics ++
	       RR      RNXD    RFwdR   RDupR   RFail
	       RFErr   RErr    RAXFR   RLame   ROpts
	       SSysQ   SAns    SFwdQ   SDupQ   SErr
	       RQ      RIQ     RFwdQ   RDupQ   RTCP
	       SFwdR   SFail   SFErr   SNaAns  SNXD
	       537 231 479 0 2	10 0 0 5 0  54 56382 479 8 2  38849 3 0	0 6  479 2 5
       19057 1285
	       0 0 2 0 0  0 0 0	0 0  0 0 0 4 0	0 0 0 0	0  23 1	0 0 0
	       0 0 0 0 0  0 0 0	0 0  0 2 0 0 0	2 0 0 0	0  0 0 0 0 0
	       0 0 0 0 0  0 0 0	0 0  0 1 0 0 0	1 0 0 0	0  0 0 0 0 0

  The values in	each entry below the (Global) delimeter	are separated into
  five groups, each with five numbers.	These groups of	numbers	correlate to
  the fields in	the Legend section of the file,	which are separated into
  similar groups.

  From the left	of an entry, the first field is	RR, the	next is	RNXD, and so
  on.  In the next group of five on the	same line, the first field is RFErr,
  the next is RErr, and	so on.

  In the Global	entry, you can see that, in total, there were 537 queries
  received, 231	negatives responses received, 479 queries that were forwarded
  to other BIND	servers, and so	on.  Subsequent	entries	can be interpreted in
  a similar manner.

  The Global values in this example are	indicative of several problems:

    +  RFail = 2

       The server received 2 failure messages from a node or nodes.  There
       might be	a problem with the nodes that attempted	to query the server.
       Find the	IP addresses of	the nodes and contact the administrators.

    +  RFErr = 10

       The server received 10 improperly formatted queries from	a node or
       nodes.  If this happens consistently, a hacker might be trying to
       break into the server.  You should run a	monitoring tool	to collect
       more data.

    +  RLame = 5

       The server received 5 lame delegations.	This problem occurs if nodes
       query the server	for information	regarding a zone for which it has no
       authority.  It is usually a temporary condition,	but if the problem
       persists, contact the nodes' administrators and ask them	to check
       their configurations.

    +  RDupR = 8

       A node or nodes sent multiple copies of the same	query to the server.
       These errors are	usually	benign,	but nodes should give up after 3
       attempts.  If the number	of duplicates is fairly	high, there might be
       a problem with the nodes	or the network.

    +  SErr = 2

       The server attempted to send 2 queries to a forwarder or	forwarders by
       using the sendto	system call, and the attempts failed.  Check your
       configuration and make sure that	all of the forwarders you listed are

    +  RIQ = 3

       The server received 3 inverse queries.  These queries are usually
       benign, but if the value	is fairly high,	a hacker might be trying to
       break into the server.  You should run a	monitoring tool	to collect
       more data.

    +  SFail = 2

       The server sent 2 failure messages to a node or nodes.  These failures
       are usually benign, but might not be under certain conditions.  If the
       server sends many SFail errors to one node, there might be a problem
       with that node.	If the node is another nameserver, it might be lame
       nameserver.  If the node	is a host, it is sending abnormal queries.
       You should find the offending node and resolve the problem.

    +  SFerr = 5

       The server informed a node or nodes that	their requests were improp-
       erly formatted.	The value of this field	usually	correlates to the
       RFErr field.  You should	find the offending node	and resolve the	prob-



	     The syslogd daemon	offers a partial listing of the	named.stats
	     data in the daemon.log file.


  Commands: named(8), syslogd(8)