Re: Sanity Check

2023-02-17 Thread Ed Daniel via bind-users

On 17/02/2023 16:06, Bob McDonald wrote:
I'm implementing a caching resolver under FreeBSD 13.1 running on a 
RaspberryPI. Bind 9.18.11


My named.conf is below. My question is do these look like workable 
options? I include logging and a statistics channel in my preliminary 
implementations for more detail on what's going on. That will go away 
eventually. Any comments are welcome.


Thanks,

Bob

named.conf:

// Address list holding the three RFC 1918 private IPv4 ranges. The options
// block uses it in allow-query, allow-query-cache and allow-recursion, and
// statistics-channels uses it in its allow list. The server's own address,
// 172.27.255.99, falls inside 172.16.0.0/12.
// NOTE(review): this admits every private range, not only the subnets this
// resolver actually serves; narrow it to the prefixes in use if they are known.
acl rfc1918-nets {
10.0.0.0/8 ;
172.16.0.0/12 ;
192.168.0.0/16 ;
};

include "/usr/local/etc/namedb/rndc.key";

// rndc control channel. Both listeners are bound to loopback (IPv4 and IPv6),
// each accepts connections only from its own loopback address, and each
// requires the key named rndc-key.
// NOTE(review): rndc-key is presumably defined in the included
// /usr/local/etc/namedb/rndc.key; confirm that file is readable only by the
// account named runs as, since possession of the key grants control of the server.
controls {
         inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
         inet ::1 port 953 allow { ::1; } keys { rndc-key; };
};

// Global options for a recursive (caching) resolver that answers only on
// loopback and on 172.27.255.99, and only for loopback and RFC 1918 clients.
options {
         // File locations.
         // NOTE(review): /var/cache/bind holds the managed trust anchors and the
         // session key; confirm it is writable by the named account and not
         // writable or readable by other local users.
         directory       "/usr/local/etc/namedb/working";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         secroots-file "/var/cache/bind/secroots.txt";
         memstatistics-file "/var/stats/named_mem_stats.txt";
         managed-keys-directory "/var/cache/bind";
         session-keyfile "/var/cache/bind/session.key";
         // Recursion is on; who may use it is decided by the allow-* lines at
         // the end of this block.
         recursion yes;
         masterfile-format text;
         // "no" lets named fill the authority and additional sections, which
         // makes answers larger.
         // NOTE(review): the 9.18 default is believed to be no-auth-recursive; confirm
         // that the larger responses are wanted.
         minimal-responses no;
         // Built-in empty zones answer reverse lookups for private and other
         // special-use ranges locally instead of sending them to the Internet.
         empty-zones-enable yes;
         empty-server "raspberrypi-00.ddisupport.tech";
         empty-contact "robert\.mcdonald.ddiarchitect.tech";
         // Logs every query received, including the client address and the
         // name asked for, so the log files are sensitive data.
         // NOTE(review): the logging block defines a queries_log channel sized at
         // 600 versions of 20m; if the queries category is routed there, check
         // that the volume fits the Pi's storage and that /var/log/named is
         // not world-readable.
         querylog yes;
         // Pins the source address for outgoing queries. No port is given, so
         // outgoing queries keep randomized source ports.
         query-source address 172.27.255.99;
         // NOTE(review): transfer-source and notify-source only matter when zones are
         // transferred or NOTIFY is sent; the zones visible in this file are
         // local primaries only.
         transfer-source 172.27.255.99;
         notify-source 172.27.255.99;
         // request-nsid adds an NSID request to outgoing queries; server-id
         // hostname makes named disclose the system hostname to clients that
         // ask for the server identity. Only clients admitted by allow-query
         // can see it.
         request-nsid yes;
         server-id hostname;
         zone-statistics full;
         // Validate DNSSEC using the built-in, automatically maintained root
         // trust anchor, and do not accept expired signatures.
         dnssec-validation auto;
         dnssec-accept-expired no;

         // Multiple listen-on statements are permitted. IPv4 service is on
         // loopback and the LAN address; IPv6 service is on loopback only.
         listen-on       { 127.0.0.1; };
         listen-on       { 172.27.255.99; };
         listen-on-v6    { ::1; };

         // Queries, cache access and recursion are limited to loopback and the
         // rfc1918-nets ACL, so the resolver is not open to arbitrary sources.
         // These checks are by source IP address only.
         allow-query { ::1; 127.0.0.1; rfc1918-nets; };
         allow-query-cache { ::1; 127.0.0.1; rfc1918-nets; };
         allow-recursion { ::1; 127.0.0.1; rfc1918-nets; };
};

// Locally served zones for the localhost name and the 127/8 reverse tree, so
// these lookups are answered from local files and never sent upstream.
// "master" is the older spelling of the zone type; "primary" is the
// equivalent keyword in current BIND releases.
zone "localhost"        { type master; file 
"/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/primary/localhost-reverse.db";};


// HTTP statistics channel on the LAN address, port 28079. The allow list is
// the only access control on this channel; there is no key or password, so
// every host in rfc1918-nets can read the server's counters.
// NOTE(review): while this is enabled, consider limiting allow to the single
// host that collects the statistics, or binding the channel to 127.0.0.1.
statistics-channels {
         inet 172.27.255.99 port 28079 allow { rfc1918-nets; };
};

logging {
         channel default_log {
                 file "/var/log/named/default" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel auth_servers_log {
                 file "/var/log/named/auth_servers" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel dnssec_log {
                 file "/var/log/named/dnssec" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel zone_transfers_log {
                 file "/var/log/named/zone_transfers" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel ddns_log {
                 file "/var/log/named/ddns" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel client_security_log {
                 file "/var/log/named/client_security" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel rate_limiting_log {
                 file "/var/log/named/rate_limiting" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel rpz_log {
                 file "/var/log/named/rpz" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel dnstap_log {
                 file "/var/log/named/dnstap" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel queries_log {
                 file "/var/log/named/queries" versions 600 size 20m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel query-errors_log {
                 file "/var/log/named/query-errors" versions 5 size 20m;
                 print-time 

Re: I need to find statistics on a running server.

2023-01-13 Thread Ed Daniel via bind-users

On 12/01/2023 18:20, King, Harold Clyde (Hal) via bind-users wrote:

I need to find some answers like queries per second.  Any fast ideas folks?

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599




You might like to check this out too:
https://www.dns-oarc.net/oarc/data/dsc