The objective is simple: a periodic, cron-driven cache dump of the PowerDNS recursor.
1. Create a shell script as below using nano:
rec_control dump-cache $TFILE
echo "cache dump completed, dump script by rumi (firstname.lastname@example.org)"
rec_control – control pdns_recursor
rec_control [--help] [--socket-dir] [--socket-pid] command ..
rec_control(1) allows the operator to control a running instance of the pdns_recursor.
The commands that can be passed to the recursor are described on http://doc.powerdns.com/rec-control.html
To stop the recursor by hand, run:
# rec_control quit
To dump the cache to disk, execute:
# rec_control dump-cache /tmp/the-cache
--help: provide this helpful message
--socket-dir: Where the controlsocket will live
--socket-pid: When running in SMP mode, pid of pdns_recursor to control
make rec_control be more user friendly
make wipe-cache accept non-dot terminated domain names
make wipe-cache return count of wiped ('wopen'?) domains
document best current practice when wiping (wipe more than www.domain, wipe domain as well)
Here are a couple of graph templates for the PowerDNS recursor. They need a shell script to be installed on the DNS server, and a net-snmp config change.
Add the following to the snmpd.conf
extend pdns-rec /usr/local/bin/pdns_stats.sh
Put pdns_stats in /usr/local/bin, so that snmpd can find it (rename from pdns_stats.txt). Make it executable.
Then import the templates.
You end up with two graphs – one showing queries/sec + cache efficiency, and another one showing "exceptions" – slow queries, resource limits hit, spoof detection, etc.
You can use the existing templates with the new script, but the new version also allows you to use a couple more templates, which I've attached below. These are 'Performance' which shows the proportion of queries answered in particular time bands, and 'Concurrency' which shows the number of threads running.
As mentioned before, the init.d commands dump, show and mrtg fetch data from a running PDNS process. Especially mrtg is powerful – it outputs data in a format that is ready for processing by the MRTG graphing tool.
MRTG can make insightful graphics on the performance of your nameserver, enabling the operator to easily spot trends. MRTG can be found on http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
A sample mrtg.conf:
Target[udp-queries]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
Title[udp-queries]: Queries per minute
PageTop[udp-queries]: <H2>Queries per minute</H2>
Target[perc-failed]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
Title[perc-failed]: Queries per minute, with percentage success
PageTop[perc-failed]: <H2>Queries per minute, with percentage success</H2>
Target[packetcache-rate]: `/etc/init.d/pdns mrtg packetcache-hit udp-queries`
Title[packetcache-rate]: packetcache hitrate
PageTop[packetcache-rate]: <H2>packetcache hitrate</H2>
Target[packetcache-missrate]: `/etc/init.d/pdns mrtg packetcache-miss udp-queries`
Title[packetcache-missrate]: packetcache MISSrate
PageTop[packetcache-missrate]: <H2>packetcache MISSrate</H2>
Target[latency]: `/etc/init.d/pdns mrtg latency`
Title[latency]: Query/answer latency
PageTop[latency]: <H2>Query/answer latency</H2>
Target[recursing]: `/etc/init.d/pdns mrtg recursing-questions recursing-answers`
Title[recursing]: Recursive questions/answers
PageTop[recursing]: <H2>Recursing questions/answers</H2>
The rec_control get command can be used to query the following statistics, either single keys or multiple statistics at once:
all-outqueries: counts the number of outgoing UDP queries since starting
answers0-1: counts the number of queries answered within 1 millisecond
answers100-1000: counts the number of queries answered within 1 second
answers10-100: counts the number of queries answered within 100 milliseconds
answers1-10: counts the number of queries answered within 10 milliseconds
answers-slow: counts the number of queries answered after 1 second
cache-bytes: Size of the cache in bytes (since 3.3.1)
cache-entries: shows the number of entries in the cache
cache-hits: counts the number of cache hits since starting
cache-misses: counts the number of cache misses since starting
chain-resends: number of queries chained to existing outstanding query
client-parse-errors: counts number of client packets that could not be parsed
concurrent-queries: shows the number of MThreads currently running
dlg-only-drops: number of records dropped because of delegation only setting
dont-outqueries: number of outgoing queries dropped because of 'dont-query' setting (since 3.3)
ipv6-outqueries: number of outgoing queries over IPv6
max-mthread-stack: maximum amount of thread stack ever used
negcache-entries: shows the number of entries in the Negative answer cache
noerror-answers: counts the number of times it answered NOERROR since starting
nsspeeds-entries: shows the number of entries in the NS speeds map
nsset-invalidations: number of times an nsset was dropped because it no longer worked
nxdomain-answers: counts the number of times it answered NXDOMAIN since starting
outgoing-timeouts: counts the number of timeouts on outgoing UDP queries since starting
over-capacity-drops: Questions dropped because over maximum concurrent query limit (since 3.2)
packetcache-bytes: Size of the packet cache in bytes (since 3.3.1)
packetcache-entries: Size of packet cache (since 3.2)
packetcache-hits: Packet cache hits (since 3.2)
packetcache-misses: Packet cache misses (since 3.2)
qa-latency: shows the current latency average, in microseconds
questions: counts all End-user initiated queries with the RD bit set
resource-limits: counts number of queries that could not be performed because of resource limits
server-parse-errors: counts number of server replied packets that could not be parsed
servfail-answers: counts the number of times it answered SERVFAIL since starting
spoof-prevents: number of times PowerDNS considered itself spoofed, and dropped the data
sys-msec: number of CPU milliseconds spent in 'system' mode
tcp-client-overflow: number of times an IP address was denied TCP access because it already had too many connections
tcp-outqueries: counts the number of outgoing TCP queries since starting
tcp-questions: counts all incoming TCP queries (since starting)
throttled-out: counts the number of throttled outgoing UDP queries since starting
throttle-entries: shows the number of entries in the throttle map
unauthorized-tcp: number of TCP questions denied because of allow-from restrictions
unauthorized-udp: number of UDP questions denied because of allow-from restrictions
unexpected-packets: number of answers from remote servers that were unexpected (might point to spoofing)
uptime: number of seconds process has been running (since 3.1.5)
user-msec: number of CPU milliseconds spent in 'user' mode
In the rrd/ subdirectory a number of rrdtool scripts is provided to make nice graphs of all these numbers. Use rec_control get-all to get all statistics in one go.
It should be noted that answers0-1 + answers1-10 + answers10-100 + answers100-1000 + packetcache-hits + over-capacity-drops = questions.
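One way to act on these counters, as an added example that is not part of the PowerDNS documentation: it parses two constructed snapshots, computes how far `questions` is from the sum given above, and reports which spoofing, parse-error and allow-from counters rose between snapshots. The "name value" line layout, the function names and the choice to treat a lower `uptime` as a restart are assumptions of this sketch.

```python
# Counters the page ties to spoofing, malformed packets or allow-from denials.
WATCH = ("spoof-prevents", "unexpected-packets", "unauthorized-udp",
         "unauthorized-tcp", "client-parse-errors", "server-parse-errors")
# Terms the page says add up to `questions`.
BUCKETS = ("answers0-1", "answers1-10", "answers10-100", "answers100-1000",
           "packetcache-hits", "over-capacity-drops")

# Constructed snapshots; the "name value" layout is an assumption.
PREV_SAMPLE = """uptime 3600
questions 125784
answers0-1 60000
answers1-10 25000
answers10-100 9000
answers100-1000 1500
packetcache-hits 30000
over-capacity-drops 84
spoof-prevents 0
unexpected-packets 3
unauthorized-udp 412"""
CUR_SAMPLE = """uptime 3900
spoof-prevents 2
unexpected-packets 40
unauthorized-udp 412"""

def parse_stats(text):
    """Parse 'name value' lines; skip blank or non-numeric lines."""
    stats = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            stats[parts[0]] = int(parts[1])
    return stats

def accounting_gap(stats):
    """questions minus the sum the page says should equal it."""
    return stats["questions"] - sum(stats.get(k, 0) for k in BUCKETS)

def deltas(prev, cur):
    """Increase of each watched counter; counters restart at 0 with the process."""
    if cur.get("uptime", 0) < prev.get("uptime", 0):
        prev = {}  # restart detected: the old baseline no longer applies
    return {k: cur[k] - prev.get(k, 0) for k in WATCH if k in cur}

def alerts(prev, cur, threshold=0):
    return sorted(k for k, d in deltas(prev, cur).items() if d > threshold)

if __name__ == "__main__":
    prev, cur = parse_stats(PREV_SAMPLE), parse_stats(CUR_SAMPLE)
    print(accounting_gap(prev), alerts(prev, cur))
```

Because the counters are cumulative since start, alerting on the raw values would fire forever after a single event; comparing snapshots gives a per-interval rate instead.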
Every half hour or so, the recursor outputs a line with statistics. More infrastructure is planned so as to allow for Cricket or MRTG graphs. To force the output of statistics, send the process a SIGUSR1. A line of statistics looks like this:
Feb 10 14:16:03 stats: 125784 questions, 13971 cache entries, 309 negative entries, 84% cache hits, outpacket/query ratio 37%, 12% throttled
This means that there are 13971 different names cached, each of which may have multiple records attached to it. There are 309 items in the negative cache: items which are known not to exist and won't do so in the near future. 84% of incoming questions could be answered without any additional queries going out to the net.
The outpacket/query ratio means that on average, 0.37 packets were needed to answer a question. Initially this ratio may be well over 100% as additional queries may be needed to actually recurse the DNS and figure out the addresses of nameservers.
Finally, 12% of queries were not performed because identical queries had gone out previously, saving load on servers worldwide.
I decided to install another caching DNS server. After some research I found PowerDNS. It uses MySQL for storing its zones, but hopefully its caching component doesn't need MySQL, so great, let's go and install it.
My favourite OS is Debian lenny, so I ran the following command:
WOW, it was very simple! It is already working on localhost, but I needed it to listen on all IPs on my box and accept queries from everyone I wanted to serve public :p so I went to /etc/powerdns, opened the “recursor.conf” file and made the following changes:
and restarted the service by:
It's done; now it is working as a public caching name server.