Re: Bind9 logging options
The DNS Servers are authoritive. I have more than 100 users for them, and the number of queries performed per minute is very high due to the nature of our organization. Moreover, I do not have a specific time window in which the timeouts occur, so, it is impossible to run it 24/7! From your answer I conclude that there is no such option, correct? On Mon 17 of May 2010 16:09:46 you wrote: Are the timed out queries recursive or authoritative? I'd suggest tcpdump running on both the BIND servers and the client, so you can match send/receive and show missed packets directly. Cheers, Todd. -Original Message- From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Techi Sent: Monday, May 17, 2010 6:39 AM To: bind-users@lists.isc.org Subject: Bind9 logging options Hallo, I have a problem in my recursive DNS servers (Bind 9, on RHEL 5). Intalled package on my system is the latest bind-9.3.6-4.P1.el5_4.2 from Red Hat. My problem is that sometimes, queries are failed with timeouts and that the one of my 2 DNS servers (the one set as primaryin my users) has 3 time more failed queries than the secondary, while the succesful queries are almost the same. . I am almost sure that the problem is network related (hardware or software), but I need a proof for that. Is there any way to log the timed-out queries in a log file? Thank you Techi ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind9 logging options
On 17.05.10 13:38, Techi wrote: I have a problem in my recursive DNS servers (Bind 9, on RHEL 5). Intalled package on my system is the latest bind-9.3.6-4.P1.el5_4.2 from Red Hat. My problem is that sometimes, queries are failed with timeouts and that the one of my 2 DNS servers (the one set as primaryin my users) has 3 time more failed queries than the secondary, while the succesful queries are almost the same. . I am almost sure that the problem is network related (hardware or software), but I need a proof for that. Is there any way to log the timed-out queries in a log file? and there is nothing in the bind log files? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind9 logging options
No! Log files are indicating any issue! The only indication I have about the problem, is the lack if queries in the log files. No timeouts, no failures. I even tried to query a fake domain. The result was a normal record (with A+). I did not find any error! So, how on earth do I log them? On Tue 18 of May 2010 10:58:53 Matus UHLAR - fantomas wrote: On 17.05.10 13:38, Techi wrote: I have a problem in my recursive DNS servers (Bind 9, on RHEL 5). Intalled package on my system is the latest bind-9.3.6-4.P1.el5_4.2 from Red Hat. My problem is that sometimes, queries are failed with timeouts and that the one of my 2 DNS servers (the one set as primaryin my users) has 3 time more failed queries than the secondary, while the succesful queries are almost the same. . I am almost sure that the problem is network related (hardware or software), but I need a proof for that. Is there any way to log the timed-out queries in a log file? and there is nothing in the bind log files? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind9 logging options
No! Log files are indicating any issue! The only indication I have about the problem, is the lack if queries in the log files. No timeouts, no failures. I even tried to query a fake domain. The result was a normal record (with A+). I did not find any error! So, how on earth do I log them? Use a packet sniffer (e.g. tcpdump, wireshark) on your DNS servers to capture the DNS traffic. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind9 logging options
Quoting sth...@nethelp.no: No! Log files are indicating any issue! The only indication I have about the problem, is the lack if queries in the log files. No timeouts, no failures. I even tried to query a fake domain. The result was a normal record (with A+). I did not find any error! So, how on earth do I log them? Use a packet sniffer (e.g. tcpdump, wireshark) on your DNS servers to capture the DNS traffic. if you set it to capture only 53 port and to save files up to reasonable size you can leave it running for 24h without a problem - wouldnt recommend doing that without specifying port/service. t -- bEsT rEgArDs| Confidence is what you have before you tomasz dereszynski | understand the problem. -- Woody Allen | Spes confisa Deo| In theory, theory and practice are much numquam confusa recedit | the same. In practice they are very | different. -- Albert Einstein This message was sent using IMP, the Internet Messaging Program. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Bind9 logging options
The DNS Servers are authoritive. I have more than 100 users for them, and the number of queries performed per minute is very high due to the nature of our organization. Moreover, I do not have a specific time window in which the timeouts occur, so, it is impossible to run it 24/7! From your answer I conclude that there is no such option, correct? Well, it depends on the reason for the timeouts. If the packet is getting lost along the way due to network issues, it would never hit the server, and you wouldn't have any logs of it. You could use filters on tcpdump (tcpdump -tt host x.y.z.a port 53)and setup a script on a remote host to send a stream of queries. You don't necessarily have to capture all traffic to troubleshoot the problem. Make sure your servers are time sync'd properly so you can correlate the logs. Otherwise, if the issue is happening after the packet reaches the server, then I'd bump up the debug level and turn on a bunch of logging and make sure ntp is working fine and start watching logs while generating a bunch of traffic from a test box. Cheers, Todd. - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users