UNIX System Administration Handbook - Evi Nemeth [283]
Debugging with ndc
The ndc command (called rndc in BIND 9) is a useful tool for manipulating named. Table 16.15 shows some of the options it accepts. Commands that produce files put them in the directory specified as named’s home in named.conf.
Table 16.15 Useful ndc debugging commands
ndc reload is analogous to sending named a HUP signal; it makes named reread its configuration file and reload zone files. The ndc reload zone command is handy, especially on a busy server, when only one zone has changed and you don’t want to reload all zones.
ndc dumpdb makes named dump its database to named_dump.db. The dump file is big and includes not only local data but also any cached data that the name server has accumulated. A recent dump of the database cache on our primary colorado.edu name server was over 16MB, but the zone data loaded was less than 200K. Lots of caching there.
Recent versions of named keep query statistics, which you can access with ndc stats. On command, named writes the stats to the file named.stats. A sample stats file from the cs.colorado.edu master server (which has been up for 43 days) is shown below. This information is normally printed in one long column, but we compressed it a bit by deleting entries for obsolete or unused resource record types. We also reformatted the lower section; it’s normally one long line of values.
+++ Statistics Dump +++ Wed Feb 2 15:07:18 2000
180465 time since boot (secs)
52669 time since reset (secs)
0 Unknown query types
475460 A queries
3 NS queries
194 CNAME queries
15686 SOA queries
138816 PTR queries
76244 MX queries
130939 TXT queries
1 LOC queries
171 SRV queries
42 AXFR queries
124587 ANY queries
++ Name Server Statistics ++
RR RNXD RFwdR RDupR RFail RFErr RErr RAXFR RLame
320252 23620 249826 1013 3532 0 903 42 10339
ROpts SSysQ SAns SFwdQ SDupQ SErr RQ RIQ RFwdQ
0 55547 652973 265736 291448 0 963690 0 0
RDupQ RTCP SFwdR SFail SFErr SNaAns SNXD
47876 1605 249826 18 0 162533 190644
The cryptic data at the end counts things like the number of duplicate queries, duplicate responses, and lame delegations seen by this server. The initial letter in the abbreviations stands for received (R) or sent (S); the final letter indicates query (Q) or response (R). The real meaning of these headings is documented in the code, where a brief comment identifies each abbreviation—see the file ns_stats.c beneath the src/bin/named directory in the BIND 8 distribution. A less painful way to decode these abbreviations is to read the statistics section in the O’Reilly DNS book. Statistics have not yet been implemented in BIND 9, so we can’t point you to the correct source code file. You should be able to find it in your current distribution with grep or find.
Any query that results in an error is logged, counted in one or more statistics buckets, and dropped. The category Unknown query types includes any query for a resource record type that the server does not recognize. As new record types are standardized, they show up in this column until the name servers have been upgraded to include the new record types. The ANY bucket is not a real resource record type; it counts queries that ask for any and all information a server might have about a particular name. The Dup entries in the bottom half of the output represent duplicate queries or responses. Duplicates normally occur when a query times out before its answer has been received; the querier then resubmits the query.
In BIND 8, ndc stats also produces memory statistics in the file named.memstats if deallocate-on-exit is set. BIND 9 memory statistics can be accessed only through named’s debug mode.
Debugging with nslookup, dig, and host
Three tools can be used from the shell to query the DNS database: nslookup, dig, and host. nslookup is the oldest of these tools and has always been distributed