download

Chapter 13MonitoringWhile setting up a basic DNS server (either caching/forwarding or authoritative)is quite simple, monitoring the performance and health of a DNS server could besomewhat tricky. Luckily, there are some fine tools available in the ports tree underthe /usr/ports/dns directory. However, we start with some BIND tools thatwould help.The BIND's built-in rndc(8) is very helpful in extracting status information from arunning named process.# rndc statusnumber of zones: 3debug level: 0xfers running: 0xfers deferred: 0soa queries in progress: 0query logging is OFFrecursive clients: 93/2500tcp clients: 0/100server is up and runningThe status shows various counter values, which in turn show a number of in-processqueries, which would be helpful in measuring the load of a running server.The dnstop(8) utility is also very useful in monitoring DNS activity in a liveenvironment. dnstop can be installed from ports under /usr/ports/dns/dnstop.This utility actually captures DNS traffic information from the specified networkinterface, and shows live statistics of the DNS queries on various parameters, such assource address, destination address, and queried address with different levelsof details.OptimizationsWhile running a DNS server under load, your server should deal with plenty ofsmall UDP packets, which may sometimes be several hundreds or thousands persecond. Your entire setup should be configured in such a way that your server picksup the packet from the NIC, and passes it to upper levels in the network stack,right up to the DNS server. DNS server should also process the packet and return aresponse back to the lower levels of network stack and finally to your NIC for furthertransmission over the wire, in the shortest possible time.This can be achieved by optimizing network stack and DNS server software tominimize the processing delay.[ 219 ]