Feature request - detailed statistics about unbound

Beastie · September 12, 2008, 1:18pm

Hello.

It would be very useful to have the ability to see additional
information insight of the unbound statistics reports.
Right now it shows only information about count of requests, but no
details about type of requests.
In general it would be grate to have separate tool/command that will
produces this kind of statistics.

My goal - integrate Unbound with cacti, without need to parse unbound.log.
It would be grate to type somthing like this, and get as output
somthing like that:

# unbound-stats
RECURSION:245543 CACHE:2352435 ALL:345325325

Please

Stephane_Bortzmeyer · September 15, 2008, 11:57am

a message of 22 lines which said:

It would be very useful to have the ability to see additional
information insight of the unbound statistics reports.

My personal opinion: no.

In general it would be grate to have separate tool/command that will
produces this kind of statistics.

A name server is already complicated enough and I no longer think it
is a good idea to complicate it further with statistics, specially
because of the security problems that may arise. Keep the code small
and clean, please.

Statistics are, in my opinion, best handled with completely separate
programs which sniff the requests and the responses. I recommend DSC
<https://www.dns-oarc.net/oarc/src/dsc>

Wouter · September 16, 2008, 8:49am

Hi Stephane, Beastie,

I am making a compromise. More statistics, but not the amount nor
detail that a dedicated package like DSC provides. Without webpages
with pretty graphs and data selection user interface; that does not
belong inside the nameserver. More similar to the BIND8_STATS in NSD
than the DSC package.

As config option 'extended-statictics'; default turned off (because of
speed).

I think:
types of queries, answer error codes, validation status, and also
spoof-nearmiss-counter (a plain unwanted traffic counter).

$ unbound-control stats
thread0.num.queries: 1234
thread0.requestlist.exceeded: 0
thread1.num.queries: 1345
thread1.requestlist.exceeded: 1
total.num.queries: 12345
total.requestlist.exceeded: 1
num.query.type.AAAA: 12
num.answer.secure: 123
num.answer.bogus: 23
unwanted.replies: 200000

It does not examine the query names, server names, or addresses, as that
creates a lot of extra code (and Stephane, I hear you, that is a problem).

Is this format easy to use as input for rrdtool, cacti, munin, ... ?
I could also print out:
unwanted_replies=200000

Best regards,
Wouter

Stephane Bortzmeyer wrote:

Jaco_Engelbrecht · September 16, 2008, 11:55am

Hi,

Wouter Wijngaards wrote:

Hi Stephane, Beastie,

I am making a compromise. More statistics, but not the amount nor
detail that a dedicated package like DSC provides. Without webpages
with pretty graphs and data selection user interface; that does not
belong inside the nameserver. More similar to the BIND8_STATS in NSD
than the DSC package.

Excellent!

As config option 'extended-statictics'; default turned off (because of
speed).

I think:
types of queries, answer error codes, validation status, and also
spoof-nearmiss-counter (a plain unwanted traffic counter).

$ unbound-control stats
thread0.num.queries: 1234
thread0.requestlist.exceeded: 0
thread1.num.queries: 1345
thread1.requestlist.exceeded: 1
total.num.queries: 12345
total.requestlist.exceeded: 1
num.query.type.AAAA: 12

I assume we'll then also see
num.query.type.{A,TXT,SPF,SRV,A6,NAPTR,PTR,DNSKEY,CNAME} etc.?

num.answer.secure: 123
num.answer.bogus: 23
unwanted.replies: 200000

It does not examine the query names, server names, or addresses, as that
creates a lot of extra code (and Stephane, I hear you, that is a problem).

Is this format easy to use as input for rrdtool, cacti, munin, ... ?
I could also print out:
unwanted_replies=200000

I personally like the (key=value) format more.

What would really rock is if you could have something like this:

# /etc/init.d/unbound dump
thread0.num.queries=1234,thread0.requestlist.exceeded=0,etc.

# /etc/init.d/unbound mrtg thread0.num.queries
1234
0
14.9 days
Unbound daemon

# /etc/init.d/unbound show thread0.num.queries
thread0.num.queries=1234

# /etc/init.d/unbound cricket thread0.num.queries
1234

(this is what PowerDNS does...)

When can you have a version ready for us to test?

Statistics is currently something stopping me from rolling out Unbound
for my entire caching DNS platform...

Cheers,
Jaco

Stephane_Bortzmeyer · September 16, 2008, 12:49pm

a message of 73 lines which said:

I think: types of queries, answer error codes, validation status,
and also spoof-nearmiss-counter (a plain unwanted traffic counter).

Memory use? This is the sort of statistics that an external program
like DSC cannot collect.

Beastie · September 16, 2008, 2:14pm

# /etc/init.d/unbound
unbound [start|stop|force-reload|restart|status|dump|show|mrtg|cricket|cacti]

It's me, again

If so, I want to add one public request for cacti.
As I mentioned to Wouter before, cacti waits for input in this
datastructure (in one string)
<fieldname_1>:<value_1> <fieldname_2>:<value_2> ... <fieldname_n>:<value_n>
(http://docs.cacti.net/?q=node/26)

In our example it can be like:
# /usr/local/etc/rc.d/unbound cacti
thread0.num.queries:1234 thread0.requestlist.exceeded:0
thread1.num.queries:1345 etc...

But, in general, key=value format will be enough... Only, befor to
feed it to cacti, it should be processed into right format using
sed/awk/etc

Good luck Wouter!

Wouter · September 16, 2008, 2:36pm

Hi Jaco,

Well, the code is in svn r1239 of the trunk, it is untested (well, it
worked for me 5 minutes ago ).
Still, if you want to beta test it, I would appreciate comments.

I changed to 'var=value' syntax.

I assume we'll then also see
num.query.type.{A,TXT,SPF,SRV,A6,NAPTR,PTR,DNSKEY,CNAME} etc.?

Yes.

Lines with =0 are omitted from the output, to avoid spamming
TYPE100..TYPE200=0 and CLASS123=0 lines.

What would really rock is if you could have something like this:

# /etc/init.d/unbound
unbound [start|stop|force-reload|restart|status|dump|show|mrtg|cricket]

# /etc/init.d/unbound dump
thread0.num.queries=1234,thread0.requestlist.exceeded=0,etc.

# /etc/init.d/unbound mrtg thread0.num.queries
1234
0
14.9 days
Unbound daemon

# /etc/init.d/unbound show thread0.num.queries
thread0.num.queries=1234

# /etc/init.d/unbound cricket thread0.num.queries
1234

(this is what PowerDNS does...)

Well init.d scripts are part of contrib, and they sure could be modified
to provide this functionality.

the 'dump' format I understand (unbound-control stats | tr '\n' ',')
also the 'show' and 'cricket' formats are clear.
Why is it called 'cricket' ?

And I do not really understand the mrtg format, what do the additional
lines mean. I got lost on the mrtg site looking for the answer.

When can you have a version ready for us to test?

Right now, but I may want to change things still.

Statistics is currently something stopping me from rolling out Unbound
for my entire caching DNS platform...

I hope the extended-stats can help you there. I added some memory (in
bytes) printouts as well, these values are cheap to compute and
informative of the state of the daemon.

Best regards,
Wouter

Stephane_Bortzmeyer · September 18, 2008, 7:27am

a message of 77 lines which said:

Statistics is currently something stopping me from rolling out Unbound
for my entire caching DNS platform...

For me, it is the lack of DLV support.

Wouter · September 18, 2008, 7:58am

Stephane Bortzmeyer wrote:

Jaco Engelbrecht <bje@serendipity.org.za> wrote

Statistics is currently something stopping me from rolling out Unbound
for my entire caching DNS platform...

For me, it is the lack of DLV support.

DLV support is implemented in svn trunk. Included in the next release.

Best regards,
Wouter