PowerDNS Cache dump in CSV

The objective is simple: a periodic, cron-driven cache dump of the PowerDNS recursor on a running setup.

1. Create a shell script as below using nano:

#nano /usr/local/bin/pdns-cache-dump.sh

#!/bin/sh
# Dump the recursor cache into a file named after this script and today's date
DAY=$(/bin/date +%Y%m%d)
TFILE="/var/log/pdns-cache/$(basename "$0").$DAY.csv"
rec_control dump-cache "$TFILE"
echo "cache dump completed, dump script by rumi (hasan.emdad@mango.com.bd)"


rec_control man section


rec_control – control pdns_recursor


rec_control [--help] [--socket-dir] [--socket-pid] command ..


rec_control(1) allows the operator to control a running instance of the pdns_recursor.

The commands that can be passed to the recursor are described on http://doc.powerdns.com/rec-control.html


To stop the recursor by hand, run:

# rec_control quit

To dump the cache to disk, execute:

# rec_control dump-cache /tmp/the-cache



--help          provide this helpful message
--socket-dir    Where the controlsocket will live
--socket-pid    When running in SMP mode, pid of pdns_recursor to control


PowerDNS: Rec Control

make rec_control be more user friendly
make wipe-cache accept non-dot terminated domain names
make wipe-cache return count of wiped ('wopen'?) domains
document best current practice when wiping (wipe more than www.domain, wipe domain as well)

rec_control – control pdns_recursor

'rec_control' [--help] [--socket-dir] [--socket-pid] command ..


Cacti: PowerDNS Recursor Templates

Here are a couple of graph templates for the PowerDNS recursor. They need a shell script to be installed on the DNS server, and a net-snmp config change.

Add the following to the snmpd.conf

extend pdns-rec /usr/local/bin/pdns_stats.sh

Put pdns_stats in /usr/local/bin, so that snmpd can find it (rename from pdns_stats.txt). Make it executable.

Then import the templates.

You end up with two graphs – one showing queries/sec + cache efficiency, and another one showing "exceptions" – slow queries, resource limits hit, spoof detection, etc.

You can use the existing templates with the new script, but the new version also allows you to use a couple more templates, which I've attached below. These are 'Performance' which shows the proportion of queries answered in particular time bands, and 'Concurrency' which shows the number of threads running.


Powerdns: init.d and mrtg

As mentioned before, the init.d commands dump, show and mrtg fetch data from a running PDNS process. Especially mrtg is powerful – it outputs data in a format that is ready for processing by the MRTG graphing tool.

MRTG can make insightful graphics on the performance of your nameserver, enabling the operator to easily spot trends. MRTG can be found on http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

A sample mrtg.conf:

Interval: 5
WorkDir: /var/www/mrtg
WriteExpires: yes
Options[_]: growright,nopercent
XSize[_]: 600


Target[udp-queries]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
Options[udp-queries]: growright,nopercent,perminute
MaxBytes[udp-queries]: 600000
AbsMax[udp-queries]: 600000
Title[udp-queries]: Queries per minute
PageTop[udp-queries]: <H2>Queries per minute</H2>
WithPeak[udp-queries]: ymwd
YLegend[udp-queries]: queries/minute
ShortLegend[udp-queries]: q/m
LegendI[udp-queries]: udp-questions
LegendO[udp-queries]: udp-answers

Target[perc-failed]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
Options[perc-failed]: growright,dorelpercent,perminute
MaxBytes[perc-failed]: 600000
AbsMax[perc-failed]: 600000
Title[perc-failed]: Queries per minute, with percentage success
PageTop[perc-failed]: <H2>Queries per minute, with percentage success</H2>
WithPeak[perc-failed]: ymwd
YLegend[perc-failed]: queries/minute
ShortLegend[perc-failed]: q/m
LegendI[perc-failed]: udp-questions
LegendO[perc-failed]: udp-answers

Target[packetcache-rate]: `/etc/init.d/pdns mrtg packetcache-hit udp-queries`
Options[packetcache-rate]: growright,dorelpercent,perminute
Title[packetcache-rate]: packetcache hitrate
MaxBytes[packetcache-rate]: 600000
AbsMax[packetcache-rate]: 600000
PageTop[packetcache-rate]: <H2>packetcache hitrate</H2>
WithPeak[packetcache-rate]: ymwd
YLegend[packetcache-rate]: queries/minute
ShortLegend[packetcache-rate]: q/m
LegendO[packetcache-rate]: total
LegendI[packetcache-rate]: hit

Target[packetcache-missrate]: `/etc/init.d/pdns mrtg packetcache-miss udp-queries`
Options[packetcache-missrate]: growright,dorelpercent,perminute
Title[packetcache-missrate]: packetcache MISSrate
MaxBytes[packetcache-missrate]: 600000
AbsMax[packetcache-missrate]: 600000
PageTop[packetcache-missrate]: <H2>packetcache MISSrate</H2>
WithPeak[packetcache-missrate]: ymwd
YLegend[packetcache-missrate]: queries/minute
ShortLegend[packetcache-missrate]: q/m
LegendO[packetcache-missrate]: total
LegendI[packetcache-missrate]: MISS

Target[latency]: `/etc/init.d/pdns mrtg latency`
Options[latency]: growright,nopercent,gauge
MaxBytes[latency]: 600000
AbsMax[latency]: 600000
Title[latency]: Query/answer latency
PageTop[latency]: <H2>Query/answer latency</H2>
WithPeak[latency]: ymwd
YLegend[latency]: usec
ShortLegend[latency]: usec
LegendO[latency]: latency
LegendI[latency]: latency

Target[recursing]: `/etc/init.d/pdns mrtg recursing-questions recursing-answers`
Options[recursing]: growright,nopercent,gauge
MaxBytes[recursing]: 600000
AbsMax[recursing]: 600000
Title[recursing]: Recursive questions/answers
PageTop[recursing]: <H2>Recursing questions/answers</H2>
WithPeak[recursing]: ymwd
YLegend[recursing]: queries/minute
ShortLegend[recursing]: q/m
LegendO[recursing]: recursing-questions
LegendI[recursing]: recursing-answers

Src: http://doc.powerdns.com/init-d-commands.html


Powerdns: rec_control command

The rec_control get command can be used to query the following statistics, either single keys or multiple statistics at once:

all-outqueries      counts the number of outgoing UDP queries since starting
answers0-1          counts the number of queries answered within 1 millisecond
answers100-1000     counts the number of queries answered within 1 second
answers10-100       counts the number of queries answered within 100 milliseconds
answers1-10         counts the number of queries answered within 10 milliseconds
answers-slow        counts the number of queries answered after 1 second
cache-bytes         Size of the cache in bytes (since 3.3.1)
cache-entries       shows the number of entries in the cache
cache-hits          counts the number of cache hits since starting
cache-misses        counts the number of cache misses since starting
chain-resends       number of queries chained to existing outstanding query
client-parse-errors counts number of client packets that could not be parsed
concurrent-queries  shows the number of MThreads currently running
dlg-only-drops      number of records dropped because of delegation only setting
dont-outqueries     number of outgoing queries dropped because of 'dont-query' setting (since 3.3)
ipv6-outqueries     number of outgoing queries over IPv6
max-mthread-stack   maximum amount of thread stack ever used
negcache-entries    shows the number of entries in the Negative answer cache
noerror-answers     counts the number of times it answered NOERROR since starting
nsspeeds-entries    shows the number of entries in the NS speeds map
nsset-invalidations number of times an nsset was dropped because it no longer worked
nxdomain-answers    counts the number of times it answered NXDOMAIN since starting
outgoing-timeouts   counts the number of timeouts on outgoing UDP queries since starting
over-capacity-drops Questions dropped because over maximum concurrent query limit (since 3.2)
packetcache-bytes   Size of the packet cache in bytes (since 3.3.1)
packetcache-entries Size of packet cache (since 3.2)
packetcache-hits    Packet cache hits (since 3.2)
packetcache-misses  Packet cache misses (since 3.2)
qa-latency          shows the current latency average, in microseconds
questions           counts all End-user initiated queries with the RD bit set
resource-limits     counts number of queries that could not be performed because of resource limits
server-parse-errors counts number of server replied packets that could not be parsed
servfail-answers    counts the number of times it answered SERVFAIL since starting
spoof-prevents      number of times PowerDNS considered itself spoofed, and dropped the data
sys-msec            number of CPU milliseconds spent in 'system' mode
tcp-client-overflow number of times an IP address was denied TCP access because it already had too many connections
tcp-outqueries      counts the number of outgoing TCP queries since starting
tcp-questions       counts all incoming TCP queries (since starting)
throttled-out       counts the number of throttled outgoing UDP queries since starting
throttle-entries    shows the number of entries in the throttle map
unauthorized-tcp    number of TCP questions denied because of allow-from restrictions
unauthorized-udp    number of UDP questions denied because of allow-from restrictions
unexpected-packets  number of answers from remote servers that were unexpected (might point to spoofing)
uptime              number of seconds process has been running (since 3.1.5)
user-msec           number of CPU milliseconds spent in 'user' mode

In the rrd/ subdirectory a number of rrdtool scripts is provided to make nice graphs of all these numbers. Use rec_control get-all to get all statistics in one go.

It should be noted that answers0-1 + answers1-10 + answers10-100 + answers100-1000 + packetcache-hits + over-capacity-drops = questions.

Every half hour or so, the recursor outputs a line with statistics. More infrastructure is planned so as to allow for Cricket or MRTG graphs. To force the output of statistics, send the process a SIGUSR1. A line of statistics looks like this:

Feb 10 14:16:03 stats: 125784 questions, 13971 cache entries, 309 negative entries, 84% cache hits, outpacket/query ratio 37%, 12% throttled

This means that there are 13791 different names cached, each of which may have multiple records attached to it. There are 309 items in the negative cache: names that are known not to exist and that will not exist in the near future. 84% of incoming questions could be answered without any additional queries going out to the net.

The outpacket/query ratio means that on average, 0.37 packets were needed to answer a question. Initially this ratio may be well over 100% as additional queries may be needed to actually recurse the DNS and figure out the addresses of nameservers.

Finally, 12% of queries were not performed because identical queries had gone out previously, saving load on servers worldwide.

Src: http://doc.powerdns.com/recursor-stats.html
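
The spoofing and access-control counters in the list above are cumulative, so they only become useful for detection when two samples are compared. The following is an added example, not taken from the PowerDNS documentation: it assumes `rec_control get-all` prints one `name value` pair per line, and the function names, watch list and sample numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PowerDNS docs): compare two snapshots of
# `rec_control get-all` and report watched counters that grew in between.
# Assumption: each snapshot holds one "name value" pair per line.
WATCH="spoof-prevents unexpected-packets server-parse-errors unauthorized-udp unauthorized-tcp"

stats_delta() {   # usage: stats_delta PREV_FILE CUR_FILE
    awk -v watch="$WATCH" '
        NR == FNR { prev[$1] = $2; next }   # first file: previous snapshot
        { cur[$1] = $2 }                    # second file: current snapshot
        END {
            # Lower uptime than before: the recursor restarted and its
            # counters started again from zero.
            restarted = (cur["uptime"] + 0 < prev["uptime"] + 0)
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) {
                d = cur[w[i]] - (restarted ? 0 : prev[w[i]])
                if (d > 0) printf "%s +%d\n", w[i], d
            }
            if (restarted) print "restarted"
        }' "$1" "$2"
}

# Constructed sample snapshots, five minutes apart.
stats_delta_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'uptime 3600' 'questions 125784' 'spoof-prevents 0' \
        'unexpected-packets 12' 'server-parse-errors 1' \
        'unauthorized-udp 40' 'unauthorized-tcp 0' > "$dir/prev"
    printf '%s\n' 'uptime 3900' 'questions 131002' 'spoof-prevents 3' \
        'unexpected-packets 512' 'server-parse-errors 1' \
        'unauthorized-udp 45' 'unauthorized-tcp 0' > "$dir/cur"
    stats_delta "$dir/prev" "$dir/cur"
    rm -rf "$dir"
}

stats_delta_demo
```

In cron use, the previous snapshot would be the file saved by the last run, and any line printed is a reason to look at the recursor log for that interval.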


Install cache only powerdns server

I decided to install another caching DNS server. After some research I found PowerDNS. It uses MySQL for storing its zones, but hopefully its caching component doesn't need MySQL, so great, let's go and install it.
My favourite OS is Debian lenny, so I ran the following command:

apt-get install pdns-recursor

WOW, it was very simple! It is already working on localhost, but I needed it to listen on all IPs on my box and accept queries from everyone :D I wanted to serve the public :p so I went to /etc/powerdns, opened the "recursor.conf" file and made the following changes:

allow-from=
local-address=

and restarted the service by:

/etc/init.d/pdns-recursor restart

It's done :D Now it is working as a public caching name server.
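
A recursor that listens on a routable address and accepts queries from any source is an open resolver, which is a common DNS amplification reflector. The following is an added check, not part of the original post, that reads a recursor.conf on stdin and reports that combination; the function names and both sample configurations are constructed (the post does not show the values it used), and only the `allow-from` and `local-address` settings named in the post are inspected.

```shell
#!/bin/sh
# Added example (not from the post): report recursor.conf settings that
# expose the recursor as an open resolver. Config is read from stdin.
audit_recursor_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            gsub(/[ \t]/, "", line)          # "key = a, b" -> "key=a,b"
            eq = index(line, "=")
            if (eq == 0) next
            conf[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
        END {
            # Any /0 netmask in allow-from admits every client address.
            n = split(conf["allow-from"], nets, ",")
            for (i = 1; i <= n; i++)
                if (nets[i] ~ /\/0$/) {
                    anyone = 1
                    print "allow-from admits all: " nets[i]
                }
            # Anything other than loopback is reachable from the network.
            m = split(conf["local-address"], addrs, ",")
            for (i = 1; i <= m; i++)
                if (addrs[i] !~ /^(127\.|::1$)/) {
                    exposed = 1
                    print "listens on: " addrs[i]
                }
            if (anyone && exposed) print "OPEN RESOLVER"
        }'
}

# Constructed samples: a wide-open configuration, then a restricted one
# (192.0.2.0/24 is a documentation range standing in for a client network).
audit_demo() {
    printf '%s\n' '# wide open' 'allow-from=0.0.0.0/0, ::/0' \
        'local-address=0.0.0.0' | audit_recursor_conf
    echo "--"
    printf '%s\n' 'allow-from=127.0.0.0/8, 192.0.2.0/24' \
        'local-address=192.0.2.53' | audit_recursor_conf
}

audit_demo
```

The second sample still listens on a network address but limits clients to known ranges; queries from anyone else show up in the `unauthorized-udp` and `unauthorized-tcp` counters.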