[[ Is there no one who knows this? ]]
Greetings. I am starting to use NSD, and would like to get some indication of when my server is being queried. The docs for "verbosity: <level>" aren't too specific. What do the various values mean? (This question can also be interpreted as a bug report for the nsd.conf man page...)
--Paul Hoffman
Hi Paul,
Verbosity level 1 gives you more information about incoming notifies and
zone transfers.
Verbosity level 2 gives you soft warnings, if encountered.
I agree that this should be documented in a better way than it is now.
There is no level of verbosity that logs an incoming query. If you want
statistics, you might want to configure NSD with --enable-bind8-stats,
which will log BIND8 like NSTATS and XSTATS. The option 'statistics:'
lets you specify the logging rate of the statistics.
Best regards,
Matthijs Mekking
NLnet Labs
Paul Hoffman wrote:
a message of 48 lines which said:
Verbosity level 1 gives you more information about incoming notifies and
zone transfers.
I just played with an NSD 3.2.4 and verbosity and I see that failed
zone transfers are indeed logged:
[1268384936] nsd[18828]: info: axfr for zone langtag.net. from client 192.134.4.69 refused, no acl matches
But successful zone transfers are not. Nothing appears in the
log. Bug?
My nsd.conf:
logfile: "/var/log/nsd.log"
verbosity: 2
Verbosity level 1 gives you more information about incoming notifies and
zone transfers.
I just played with an NSD 3.2.4 and verbosity and I see that failed
zone transfers are indeed logged:
[1268384936] nsd[18828]: info: axfr for zone langtag.net. from client 192.134.4.69 refused, no acl matches
I think that should probably always be logged, not just with verbosity increased?
But successful zone transfers are not. Nothing appears in the
log. Bug?
Though that I can understand being behind a verbosity flag.
Paul
a message of 18 lines which said:
[1268384936] nsd[18828]: info: axfr for zone langtag.net. from client 192.134.4.69 refused, no acl matches
I think that should probably always be logged, not just with
verbosity increased?
Matter of taste: some people prefer NOT to log failures because it
opens a road to DoS attacks (anyone can request AXFRs, just to fill in
your logs).
But successful zone transfers are not. Nothing appears in the
log. Bug?
Though that I can understand being behind a verbosity flag.
Sorry, cannot parse. Another try?
[1268384936] nsd[18828]: info: axfr for zone langtag.net. from client 192.134.4.69 refused, no acl matches
I think that should probably always be logged, not just with
verbosity increased?
Matter of taste: some people prefer NOT to log failures because it
opens a road to DoS attacks (anyone can request AXFRs, just to fill in
your logs).
Exponential backoff?
Paul
But successful zone transfers are not. Nothing appears in the
log. Bug?
Though that I can understand being behind a verbosity flag.
Sorry, cannot parse. Another try?
I meant "success" can be hidden without verbosity enabled.
Paul
dnscap + script of your choice
or
dsc (http://dns.measurement-factory.com/), which seems to be a
(public) favorite of root operators using NSD.
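
Added example, not part of the original thread and not NSD code: a small Python filter that parses the refused-AXFR log line quoted above, counts refusals per client and zone, and keeps only the 1st, 2nd, 4th, 8th, ... occurrence, which is one way to read the "exponential backoff" idea as a log post-processor. The regular expression is derived only from the single line quoted in the thread, and every sample line other than that one is constructed.

```python
import re
from collections import Counter

# Format taken from the log line quoted in the thread (NSD 3.2.4, verbosity >= 1).
REFUSED_AXFR = re.compile(
    r"^\[(?P<ts>\d+)\] nsd\[(?P<pid>\d+)\]: info: axfr for zone (?P<zone>\S+) "
    r"from client (?P<client>\S+) refused, (?P<reason>.+)$"
)

def parse_refused_axfr(line):
    """Return (timestamp, zone, client, reason), or None for any other line."""
    m = REFUSED_AXFR.match(line.strip())
    if not m:
        return None
    return int(m["ts"]), m["zone"], m["client"], m["reason"]

def summarize_with_backoff(lines):
    """Count refusals per (client, zone); report only the 1st, 2nd, 4th, 8th, ... hit.

    Returns (counts, reports): the full totals plus the much shorter list of
    events that an exponentially backed-off logger would have kept.
    """
    counts, reports = Counter(), []
    for line in lines:
        rec = parse_refused_axfr(line)
        if rec is None:
            continue
        ts, zone, client, _reason = rec
        key = (client, zone)
        counts[key] += 1
        n = counts[key]
        if n & (n - 1) == 0:  # n is a power of two
            reports.append((ts, client, zone, n))
    return counts, reports

# Constructed sample: the first line is the one from the thread; the rest are
# made-up repeats (192.0.2.7 is a documentation address) to show suppression.
SAMPLE = [
    "[1268384936] nsd[18828]: info: axfr for zone langtag.net. from client 192.134.4.69 refused, no acl matches",
] + [
    f"[{1268385000 + i}] nsd[18828]: info: axfr for zone langtag.net. from client 192.0.2.7 refused, no acl matches"
    for i in range(10)
] + ["[1268385100] nsd[18828]: info: some unrelated line"]

if __name__ == "__main__":
    counts, reports = summarize_with_backoff(SAMPLE)
    for ts, client, zone, n in reports:
        print(f"{ts} {client} {zone} refused AXFR, occurrence #{n}")
    print(dict(counts))
```

Eleven refusal lines in the sample reduce to five reported events, while the per-client totals stay available for alerting.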