Hi Zayed, I think you're more likely to get good answers to your BIND-specific questions on the bind-users mailing list. See: https://lists.isc.org/mailman/listinfo/bind-users BIND9 has the capability to produce a vast variety and volume of logs, and dealing with logs in general is something that there are solutions for. Maybe look at logstash/elasticsearch as a starting point. Other BIND9 users on the bind-users list will no doubt have advice about what types logs they think are important. Recent releases of BIND9 can export a variety of statistics in XML and JSON formats using HTTP. Pulling those out and sending them to cacti/graphite/whatever is also a fairly non-DNS-specific problem to have. Advice for tuning a BIND9 recursive resolver's cache can be found in a tech note published by ISC; if that's not especially relevant to modern releases (I seem to think it was published some time ago) you could again look to the bind-users list for advice. For authority-only servers, your main concern is whether you have enough RAM to hold all your zone data. If you do, and if your server was built this decade and has no hardware faults, chances are you're good. Deciding whether your servers struggling to keep up with the load of the software you're running on it is another problem that is not specific to the DNS. Check with whoever provides your operating system for advice; look in to system statistics collection using things like collectd and publish somewhere you can record data and identify long-term trends so you know what looks normal (since until you know what normal looks like, you can't tell what a problem looks like). You can use commercial services like catchpoint and thousandeyes to check that your authoritative nameservers are suitably responsive. You can use non-commercial services like Atlas to do the same thing. If you've connected your nameservers to the network in such a way that there's a stateful firewall between the server and its clients, the report to your boss could be very brief and accurate; something like "service expected to fail at any time; explosion imminent" would do it. Joe On 21 May 2015, at 7:15, Zayed Mahmud wrote:
Thanks a lot to Denis Fondras, Zachary, Andrew Smith, Christopher Morrow for your valuable advice.
I've tried cacti but failed to get desired logs. i've also tried bind graph...but it consumes too much memory in the long run.
can u suggest some suitable tools that i can measure the performance of the dns servers? like what shud b active and what shud not be in general safe dns server practice and check against my own settings or whatever the tool can query, something like nmap. this would be really helpful. i just need to make a report about my dns servers for my boss...and i'm clueless what to point out and what not to or how to evaluate it's performance. i'm running bind9 under unix environment.
thanks in advance.
On Tue, May 19, 2015 at 11:34 PM, Zayed Mahmud <zayed.mahmud@gmail.com> wrote:
Hello! This is my first message to NANOG's mailing list. I hope someone can help me.
I was wondering which tool(s) can I use to measure the performance of my 3 DNS servers (1 primary, 1 secondary, 1 solely cacheDNS)? From the stats I would like to know if my DNS server is serving as it should be or if any of it's options are set inappropriately and others alike.
I looked for a while but could not find any. Any help would be highly appreciated. I am running bind9 on UNIX platform.
Question 2) I would also like to know how can I graph my DNS logs? And how can I integrate it to my CACTI server as well? I couldn't find any suitable plugin. Any suggestion?
--
-- Best Regards,
*Zayed Mahmud*
*Senior Core & IP Network Team,*
*Banglalion Communications Limited, Bangladesh.*
--
-- Best Regards, *Zayed Mahmud.*