Exporting Bind query statistics through XML and JSON


Bind 9.10 introduced a statistics server which exports a number of useful metrics through a web UI, XML and JSON. The statistics server is configured via the “statistics-channels” directive, which contains the IP address and port to export statistics on and an ACL that controls who can read statistics from the server. Here is a sample configuration for reference:

acl "stats_hosts" {
    192.168.1.0/24;
};

statistics-channels {
    inet 10.10.0.1 port 8080 allow { stats_hosts; };
};

Once the statistics server is enabled you can view the statistics in a web browser by surfing to the IP:PORT the server is configured to export statistics through. To retrieve statistics through XML or JSON you can append “/xml” or “/json” to the URL:

Retrieve statistics through XML:
$ curl http://bind:8080/xml

Retrieve statistics through JSON:
$ curl http://bind:8080/json

The statistics server exports several useful metrics. To view everything you can pipe the output of curl to jq:

$ curl -j http://bind:8080/json 2>/dev/null | jq '.' | more

{
"json-stats-version": "1.2",
"boot-time": "2017-09-10T13:24:35.411Z",
"config-time": "2017-09-10T13:24:35.484Z",
"current-time": "2017-09-10T13:35:44.401Z",
"version": "9.11.2",
"opcodes": {
"QUERY": 389,
"IQUERY": 0,
"STATUS": 0,
.....

If you want to get specific fields you can adjust the filter passed to jq. To get just the query response codes you can retrieve the rcodes field:

$ curl -j http://bind:8080/json 2>/dev/null | jq '.rcodes'

{
"NOERROR": 307,
"FORMERR": 0,
"SERVFAIL": 0,
"NXDOMAIN": 0,
"NOTIMP": 0,
"REFUSED": 0,
.....
}

To get the types of queries sent to the server you can retrieve qtypes:

$ curl -j http://bind:8080/json 2>/dev/null | jq '.qtypes'

{
"A": 369,
"NS": 1,
"PTR": 1,
"MX": 1,
"AAAA": 11
}

To get overall name server statistics you can grab nsstats:

$ curl -j http://bind:8080/json 2>/dev/null | jq '.nsstats'

{
"Requestv4": 385,
"ReqEdns0": 361,
"RecQryRej": 8,
"Response": 385,
"RespEDNS0": 361,
"QrySuccess": 369,
"QryAuthAns": 17,
"QryNoauthAns": 360,
"QryNxrrset": 8,
"QryRecursion": 3,
"QryFailure": 8,
"QryUDP": 377
}

The statistics server also exports zone data and zone, network and memory statistics. Funneling this data into Metricbeat or Prometheus and using Kibana and Grafana to visualize it can provide some amazing insight into your DNS infrastructure.
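
The counters shown above are cumulative since the server started, so a collector needs the increase between two polls rather than the raw values. The Python below is an added example, not part of the original article: it diffs two constructed sample snapshots (field names come from the output above, the second poll's values are invented), treats a changed boot-time as a counter reset, and reports the NXDOMAIN share and the rise in RecQryRej.

```python
import json
from datetime import datetime

SECTIONS = ("opcodes", "rcodes", "qtypes", "nsstats")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # timestamp layout seen in the sample output

def parse_ts(value):
    return datetime.strptime(value, TS_FORMAT)

def counter_deltas(prev, curr):
    """Return ({section: {counter: increase}}, seconds) between two polls."""
    # A different boot-time means named restarted and every counter began again at 0.
    restarted = prev["boot-time"] != curr["boot-time"]
    start = curr["boot-time"] if restarted else prev["current-time"]
    seconds = (parse_ts(curr["current-time"]) - parse_ts(start)).total_seconds()
    deltas = {}
    for section in SECTIONS:
        old = {} if restarted else prev.get(section, {})
        deltas[section] = {name: value - old.get(name, 0)
                           for name, value in curr.get(section, {}).items()}
    return deltas, seconds

def rcode_share(deltas, rcode):
    """Fraction of responses in the interval that carried the given rcode."""
    total = sum(deltas["rcodes"].values())
    return deltas["rcodes"].get(rcode, 0) / total if total else 0.0

# Constructed sample polls (not captured from a real server), 60 seconds apart.
PREV = json.loads("""{
  "boot-time": "2017-09-10T13:24:35.411Z",
  "current-time": "2017-09-10T13:35:44.401Z",
  "rcodes": {"NOERROR": 307, "SERVFAIL": 0, "NXDOMAIN": 0, "REFUSED": 0},
  "nsstats": {"Requestv4": 385, "RecQryRej": 8, "QryFailure": 8}
}""")
CURR = json.loads("""{
  "boot-time": "2017-09-10T13:24:35.411Z",
  "current-time": "2017-09-10T13:36:44.401Z",
  "rcodes": {"NOERROR": 397, "SERVFAIL": 2, "NXDOMAIN": 30, "REFUSED": 8},
  "nsstats": {"Requestv4": 515, "RecQryRej": 16, "QryFailure": 10}
}""")

if __name__ == "__main__":
    deltas, seconds = counter_deltas(PREV, CURR)
    print(f"interval: {seconds:.0f}s")
    print(f"queries/s: {deltas['nsstats']['Requestv4'] / seconds:.2f}")
    print(f"NXDOMAIN share: {rcode_share(deltas, 'NXDOMAIN'):.1%}")
    print(f"rejected recursive queries: {deltas['nsstats']['RecQryRej']}")
```

In a real collector the two snapshots would be successive responses from the /json URL, and the thresholds for alerting on these values depend on the server's normal traffic.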

This article was posted by Matty on 2017-09-10 09:48:00 -0400