Collecting various statistics in KnotDNS
What we want to collect
- query opcodes
- query rcodes
- packet types
- RRL queries
- ACL denials
- XFR failures
- number of zones
- number of expired zones
- number of zone resigns
- number of key rollovers
- latency
- …
What features we want
- knotc dump
- pull model (Prometheus)
- push model (Grafana)
- global statistics + per-zone statistics
How we achieve this
- A global stats object with all the counters
- A local stats object for per-zone stats (?)
- Simple API for the stats object, with custom functions for each different use (e.g. every query is counted as a single unit and only broken down into its attributes later)
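A sketch of the counter design outlined above, added here as an example and not Knot's own code: one `struct stats` type serves as both the global and the per-zone object, a single `stats_count_query` entry point breaks a query into its opcode/RCODE/transport counters, and a small renderer exposes the RCODE counters in Prometheus text format for the pull model. The struct layout and the `knot_rcode_total` metric name are assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stats object, not Knot's own code: one counter per query
 * attribute, bumped with relaxed atomics so worker threads can share it. */
enum transport { UDP4, UDP6, TCP4, TCP6 };
struct stats {
    _Atomic uint64_t queries, opcode[16], rcode[16], transport[4];
};

/* The "single unit" entry point: one call per processed query; the breakdown
 * into attributes happens here instead of at every call site in the server. */
static void stats_count_query(struct stats *s, uint8_t opcode, uint8_t rcode,
                              bool tcp, bool ipv6)
{
    atomic_fetch_add_explicit(&s->queries, 1, memory_order_relaxed);
    atomic_fetch_add_explicit(&s->opcode[opcode & 0x0f], 1, memory_order_relaxed);
    atomic_fetch_add_explicit(&s->rcode[rcode & 0x0f], 1, memory_order_relaxed);
    atomic_fetch_add_explicit(&s->transport[(tcp ? 2 : 0) + (ipv6 ? 1 : 0)], 1,
                              memory_order_relaxed);
}

/* Global and per-zone stats share the object type and the call; a query that
 * matches no zone (zone == NULL) is counted globally only. */
static void stats_record(struct stats *global, struct stats *zone,
                         uint8_t opcode, uint8_t rcode, bool tcp, bool ipv6)
{
    stats_count_query(global, opcode, rcode, tcp, ipv6);
    if (zone != NULL)
        stats_count_query(zone, opcode, rcode, tcp, ipv6);
}

/* Pull-model exposition for a Prometheus scrape: non-zero RCODE counters in
 * text format, zone-labelled ("" for global). Returns bytes written (snprintf-style). */
static int stats_prometheus(struct stats *s, const char *zone, char *buf, size_t len)
{
    int n = 0;
    for (int rc = 0; rc < 16; rc++) {
        uint64_t v = atomic_load_explicit(&s->rcode[rc], memory_order_relaxed);
        if (v == 0) continue;
        n += snprintf(buf + n, (size_t)n < len ? len - (size_t)n : 0,
                      "knot_rcode_total{zone=\"%s\",rcode=\"%d\"} %llu\n",
                      zone ? zone : "", rc, (unsigned long long)v);
    }
    return n;
}
```

A `knotc` dump can walk the same counters and print them in its own format; only the renderer differs between the pull and dump paths.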
Measurements of the Root Server System
The source. There are 6 metrics that the authors propose to track:
1. time between the first NOTIFY being received and the new/changed zone data being published
2. the size of the zone when compressed with the maximum number of PTRs, as if it were to be sent over AXFR, without the two-byte length prefix in each packet
3. number of queries, for each combination of UDP/TCP and IPv4/IPv6
4. query and response size distribution
5. RCODE distribution
6. number of sources seen: number of IPv4, IPv6 and IPv6-aggregated source addresses
My guess at the difficulty of each:
1. easy-medium, I went through the code and found no problem with this
2. medium-hard, I haven't found any ready code to compute that length; AFAIK AXFR is constructed in a stream and does not pre-compute the necessary length.
3. easy
4. easy
5. easy
6. hard and inefficient: we'd have to track all IP addresses we've received from and search among them with each and every query. I can't recommend this for production use.
Note: metrics 3, 4 and 5 are easily measured using already existing tools for DNS statistics, and 1 could in theory also be measured by the aforementioned tools (though it is a bit more complicated). I'm not sure about 2, since it should be the same across all DNS servers/tools and is used only to make sure there are no other problems like file truncation. I'd recommend tracking IP addresses only for shorter periods of time, and probably using those DNS tools as well. There is no need to implement this inside a DNS server.