[nsd-users] NSD not logging to SYSLOG

cam ESOUQcWEt5QXZwMWQYa8g7DiWPxFLIB3 at sauros.net
Tue Feb 18 15:17:26 UTC 2014


Thanks for the informative reply.

About the SERVFAIL, you seem to refer to this thread [1].
Will keep an eye on new releases.

Cheers,
cam

[1] https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001780.html

On Mon, 17/02/2014 23:05 -0800, Will Pressly wrote:
> Also, I believe the SERVFAILs you are seeing are from zones that your
> server is not authoritative for, more than likely. I believe there is some
> discussion on this list about amending this behavior (and responding with
> Refused, if memory serves me correctly, which it rarely does).
> 
> Cheers,
> Will Pressly
> 
> On Mon, Feb 17, 2014 at 10:45 PM, Will Pressly <will at edgecast.com> wrote:
> 
> > Those log lines are old school BIND 8 stats lines (deprecated in BIND
> > 9.1.0, I believe). These were very common and alot of people understood the
> > log format and had tools and parsers built over it, so I guess it was a
> > design decision of netlabs to support it in NSD precisely because of this
> > existing understanding in the world.
> >
> > Specifically, The NSTATS line tells you this: current time, start time of
> > server, then counts of each individual RR type. The XSTATS line tells you
> > more in depth about issues with queries. I believe that almost every stat
> > in the XSTATS that starts with an uppercase R is for a recursive server,
> > and is largely irrelevant for NSD (as NSD is authoritative only). It is
> > just in there for those parsers and tools that I mentioned in the first
> > paragraph (so those tools worked on NSD's log format out of the box). You
> > can see this in the code for the logging, where many of the stats are
> > hard-coded zero:
> >
> > 	/* XSTATS */
> > 	/* Only print it if we're in the main daemon or have anything to report... */
> > 	if (nsd->server_kind == NSD_SERVER_MAIN
> > 	    || nsd->st.dropped || nsd->st.raxfr || (nsd->st.qudp + nsd->st.qudp6 - nsd->st.dropped)
> > 	    || nsd->st.txerr || nsd->st.opcode[OPCODE_QUERY] || nsd->st.opcode[OPCODE_IQUERY]
> > 	    || nsd->st.wrongzone || nsd->st.ctcp + nsd->st.ctcp6 || nsd->st.rcode[RCODE_SERVFAIL]
> > 	    || nsd->st.rcode[RCODE_FORMAT] || nsd->st.nona || nsd->st.rcode[RCODE_NXDOMAIN]
> > 	    || nsd->st.opcode[OPCODE_UPDATE]) {
> >
> > 		log_msg(LOG_INFO, "XSTATS %lld %lu"
> > 			" RR=%lu RNXD=%lu RFwdR=%lu RDupR=%lu RFail=%lu RFErr=%lu RErr=%lu RAXFR=%lu"
> > 			" RLame=%lu ROpts=%lu SSysQ=%lu SAns=%lu SFwdQ=%lu SDupQ=%lu SErr=%lu RQ=%lu"
> > 			" RIQ=%lu RFwdQ=%lu RDupQ=%lu RTCP=%lu SFwdR=%lu SFail=%lu SFErr=%lu SNaAns=%lu"
> > 			" SNXD=%lu RUQ=%lu RURQ=%lu RUXFR=%lu RUUpd=%lu",
> > 			(long long) now, (unsigned long) nsd->st.boot,
> > 			nsd->st.dropped, (unsigned long)0, (unsigned long)0, (unsigned long)0, (unsigned long)0,
> > 			(unsigned long)0, (unsigned long)0, nsd->st.raxfr, (unsigned long)0, (unsigned long)0,
> > 			(unsigned long)0, nsd->st.qudp + nsd->st.qudp6 - nsd->st.dropped, (unsigned long)0,
> > 			(unsigned long)0, nsd->st.txerr,
> > 			nsd->st.opcode[OPCODE_QUERY], nsd->st.opcode[OPCODE_IQUERY], nsd->st.wrongzone,
> > 			(unsigned long)0, nsd->st.ctcp + nsd->st.ctcp6,
> > 			(unsigned long)0, nsd->st.rcode[RCODE_SERVFAIL], nsd->st.rcode[RCODE_FORMAT],
> > 			nsd->st.nona, nsd->st.rcode[RCODE_NXDOMAIN],
> > 			(unsigned long)0, (unsigned long)0, (unsigned long)0, nsd->st.opcode[OPCODE_UPDATE]);
> > 	}
> >
> > Those variable descriptions are fairly self-explanatory, but here is a
> > link to some in depth descriptions (the last quarter of the page is what
> > you are looking for):
> > http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch07_06.htm
> >
> > Cheers,
> > Will Pressly
> >
> >
> >
> > On Mon, Feb 17, 2014 at 5:39 PM, cam <
> > ESOUQcWEt5QXZwMWQYa8g7DiWPxFLIB3 at sauros.net> wrote:
> >
> >> Hi Wouter,
> >>
> >> Thanks for your note. After going through my syslog-ng configuration
> >> file, I
> >> realized that it was not listening on any socket. Creating a socket
> >> /var/nsd/dev/log solved the issue, even when chroot-ing to "/var/nsd/"
> >>
> >> Apart from this, I was wondering if you could help demystifying the log
> >> messages that I get:
> >> host nsd[16191]: NSTATS 1392687148 1392630857 A=71 NS=1 CNAME=5 MX=38
> >> AAAA=32 DNSKEY=5 TYPE251=32 TYPE252=64 TYPE255=85
> >> host nsd[16191]: XSTATS 1392687148 1392630857 RR=0 RNXD=0 RFwdR=0 RDupR=0
> >> RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=0 SAns=235 SFwdQ=0
> >> SDupQ=0 SErr=0 RQ=333 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=98 SFwdR=0 SFail=89
> >> SFErr=0 SNaAns=0 SNXD=1 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
> >>
> >> Is there a document somewhere explaining the above codes (RR, RDupR etc.)?
> >> Also, I see Sfail=89, sounds like something is wrong?
> >>
> >> Thanks again,
> >>
> >> Cheers,
> >> cam



More information about the nsd-users mailing list