Chapter 22. Index of all Authoritative Server metrics

Table of Contents

1. Counters & variables
1.1. Counters
1.2. Ring buffers

1. Counters & variables

A number of counters and variables are set during PDNS Authoritative Server operation. These can be queried with the init.d dump, show and mrtg commands, or viewed with the webserver.

1.1. Counters

corrupt-packets

Number of corrupt packets received

latency

Average number of microseconds a packet spends within PDNS

packetcache-hit

Number of packets which were answered out of the cache

packetcache-miss

Number of times a packet could not be answered out of the cache

packetcache-size

Amount of packets in the packetcache

qsize-a

Size of the queue before the transmitting socket.

qsize-q

Number of packets waiting for database attention

rd-queries

Number of packets sent by clients requesting recursion (regardless of if we'll be providing them with recursion). Since 3.4.0.

recursing-questions

Number of packets we supplied an answer to after recursive processing

recursing-questions

Number of packets we performed recursive processing for

recursion-unanswered

Number of packets we sent to our recursor, but did not get a timely answer for. Since 3.4.0.

servfail-packets

Amount of packets that could not be answered due to database problems

tcp-answers

Number of answers sent out over TCP

tcp-questions

Number of questions received over TCP

timedout-questions

Amount of packets that were dropped because they had to wait too long internally

udp-answers

Number of answers sent out over UDP

udp-queries

Number of questions received over UDP

udp4-answers

Number of answers sent out over UDPv4

udp4-queries

Number of questions received over UDPv4

udp6-answers

Number of answers sent out over UDPv6

udp6-queries

Number of questions received over UDPv6

1.2. Ring buffers

Besides counters, PDNS also maintains the ringbuffers. A ringbuffer records events, each new event gets a place in the buffer until it is full. When full, earlier entries get overwritten, hence the name 'ring'.

By counting the entries in the buffer, statistics can be generated. These statistics can currently only be viewed using the webserver and are in fact not even collected without the webserver running.

The following ringbuffers are available:

Log messages (logmessages)

All messages logged

Queries for existing records but for a type we don't have (noerror-queries)

Queries for, say, the AAAA record of a domain, when only an A is available. Queries are listed in the following format: name/type. So an AAA query for pdns.powerdns.com looks like pdns.powerdns.com/AAAA.

Queries for non-existing records within existing domains(nxdomain-queries)

If PDNS knows it is authoritative over a domain, and it sees a question for a record in that domain that does not exist, it is able to send out an authoritative 'no such domain' message. Indicates that hosts are trying to connect to services really not in your zone.

UDP queries received (udp-queries)

All UDP queries seen.

Remote server IP addresses (remotes)

Hosts querying PDNS. Be aware that UDP is anonymous - person A can send queries that appear to be coming from person B.

Remotes sending corrupt packets (remote-corrupts)

Hosts sending PDNS broken packets, possibly meant to disrupt service. Be aware that UDP is anonymous - person A can send queries that appear to be coming from person B.

Remotes querying domains for which we are not auth (remote-unauth)

It may happen that there are misconfigured hosts on the internet which are configured to think that a PDNS installation is in fact a resolving nameserver. These hosts will not get useful answers from PDNS. This buffer lists hosts sending queries for domains which PDNS does not know about.

Queries that could not be answered due to backend errors (servfail-queries)

For one reason or another, a backend may be unable to extract answers for a certain domain from its storage. This may be due to a corrupt database or to inconsistent data. When this happens, PDNS sends out a 'servfail' packet indicating that it was unable to answer the question. This buffer shows which queries have been causing servfails.

Queries for domains that we are not authoritative for (unauth-queries)

If a domain is delegated to a PDNS instance, but the backend is not made aware of this fact, questions come in for which no answer is available, nor is the authority. Use this ringbuffer to spot such queries.