| 31.6. DNS diagnostics, statistics and debug | ||
|---|---|---|
 | Chapter 31. DNS - Domain Name System |  |
| 31.6. DNS diagnostics, statistics and debug | ||
|---|---|---|
| | Chapter 31. DNS - Domain Name System | |
This command reports the current situation of the DNS resource:
[17:49:20] ABILIS_CPX:d d dns
RES:Dns -----------------------------------------------------------------------
Domain_Name_System
STATE:READY PRI-SERVER:008.008.008.008 SEC-SERVER:008.008.004.004
----------------|-- STATE --|--- CUR ---|-- PEAK ---|--- MAX ---|
CACHE |READY | 140| 888| 5000|
RELAY |READY | 0| 500| 500|
RELAY-BLACKLIST |READY | 33| -| 2000|
SERVER |READY | | | |
-----------------------------------------------------------------The meaning:
STATEThe DNS driver state:
INACTIVE - State set when the
configuration parameter
ACT:NO and loaded by DNS
driver.
ACTIVE - The driver is fully ready to
work.
PRI-SERVERCurrent DNS primary server IP address.
SEC-SERVERCurrent DNS secondary server IP address.
CACHE-STATEThe DNS cache state:
INACTIVE - The parameter
CACHE:NO and loaded by
DNS driver, or when the parameter
ACT:NO.
DOWN - Some internal errors which
force CACHE service to be not operation are occurred.
READY - The DNS cache is activated
and ready to work: (parameter
CACHE:YES) and no errors
with UDP service and
ACT:YES.
RELAY-STATEThe DNS relay state:
INACTIVE - The parameter
RELAY:NO and loaded by
DNS driver, or when the parameter
ACT:NO.
DOWN - Registration to lower UDP
ports fail, better said when the "use" of UDP service is not
possible.
READY - The DNS relay is fully ready
to work: no errors with UDP service and
ACT:YES.
RELAY-BLACKLISTThe DNS relay blacklist state:
INACTIVE - The parameter
RELAY-BLACKLIST:NO and
loaded by DNS driver, or when the parameter
ACT:NO.
DOWN - Registration to lower UDP
ports fail, better said when the "use" of UDP service is not
possible.
READY - The DNS relay blacklist is
fully ready to work: no errors with UDP service and
ACT:YES.
SERVER-STATEThe DNS local server state:
INACTIVE - The parameter
SERVER:NO and loaded by
DNS driver, or when the parameter
ACT:NO.
DOWN - Registration to lower UDP
ports fail, better said when the "use" of UDP service is not
possible.
READY - The DNS server is activated
and ready to work: (parameter
SERVER:YES) and no
errors with UDP service and
ACT:YES.
CACHE-CURCurrent number of used DNS cache entries.
CACHE-PEAKThe peak of used DNS cache entries.
CACHE-SIZEActual number of DNS cache entries available.
RELAY-CURRELAY records currently occupied with pending requests.
RELAY-PEAKThe peak of DNS relay requests.
RELAY-SIZEActual size of the requests' table.
RELAY-BLACKLIST-CURCurrently banned domains.
RELAY-BLACKLIST-SIZEActual size of the relay-blacklist table.
This command can help to understand what is happening, in case of troubles:
[11:42:10] ABILIS_CPX:d s dnsRES:Dns ----------------------------------------------------------------------- Domain_Name_System --- Cleared 4 days 09:37:13 ago, on 28/09/2017 at 01:15:37 ------------- - Resolver ------------------------------------------------------------- -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---| PRI-QUERIES| | 22|SEC-QUERIES| | 6| PRI-RES | 14| |SEC-RES | 0| | PRI-UNK | 0| |SEC-UNK | 0| | PRI-RTY-OVR| 0| |SEC-RTY-OVR| 0| | PRI-TOUT | 8| |SEC-TOUT | 6| | PRI-ERRORS | 0| |SEC-ERRORS | 0| | ------------------------------------------------------------------------ - Relay/Server --------------------------------------------------------- -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---| REQ-TOTAL | 2571| |PRI-REQ-RSP| 1940| 2475| REQ-SUCC | 2013| |SEC-REQ-RSP| 0| 558| REQ-BAD | 0| |PRI-NOMATCH| 535| | OVERFLOW | 23| |SEC-NOMATCH| 535| | DENIED-IP | 0| |RSP-BAD | 13| | ------------------------------------------------------------------------
With reference to the shown interval of time («Cleared 4 days 09:37:13 ago») these counters show the number of:
PRI/SEC-QUERIES | Queries for primary/secondary DNS server. |
PRI/SEC-RES | Primary/Secondary resolved hostnames. |
PRI/SEC-UNK | Primary/Secondary unknown host (answer received from server). |
PRI/SEC-RTY-OVR | Primary/Secondary retransmission request without any answer from DNS server. |
PRI/SEC-TOUT | Primary/Secondary timed-out server (answer was not received from server). |
PRI/SEC-ERRORS | Primary/Secondary errors (e.g. Wrong datagram format). |
REQ-TOTAL | All the clients' requests that arrived to DNS relay. |
REQ-SUCC | Client's requests that were successfully processed. |
REQ-BAD | Requests that was malformed or contained formal errors. |
OVERFLOW | Client's requests that was discarded because the table was full. |
DENIED-IP | DNS requests received from the clients but not processed
because requester (the author of this DNS request) is not
allowed. The not-allowed requester is a client whose IP address
is not present in IPSRC and
IPSRCLIST parameters configuration. |
PRI/SEC-REQ-RSP | IN - responses from primary/secondary DNS that could be sent back to the client. OUT - requests sent to primary/secondary DNS server. |
PRI/SEC-NOMATCH | Responses from primary/secondary DNS for which a matching
request was not found in the table. A record in the table for a
response could not found when: - DNS relay has not received a matching request for this response. - A record for this response was in the table but it became out of date and was used for other request. |
RSP-BAD | Responses that had to be discarded because they had formal errors that prevents further processing. |
Type the following command to view the commands allowed:
[15:03:49] ABILIS_CPX:debug res:dns
RES:Dns -----------------------------------------------------------------------
Domain_Name_System
BufferLength:64512 Date/Time:02/08/2016 15:03:53 TraceTime:99775682
Usage:
LSN:0 = This help
LSN:1 = Local statistics
LSN:2 CMD:<name> = Query: A (direct name lookup)
LSN:3 CMD:<ipadd> = Query: PTR (reverse ip lookup)
LSN:4 CMD:<name> = Query: MX (mail exchange)
LSN:5 CMD:<ipadd> = Query: MX (mail exchange)
LSN:9 = Show DNS server's addresses
LSN:20 = Load the blacklist from the file
LSN:21 = Save the blacklist into the file
LSN:22 CMD:<PAGE> = Show the DNS blacklist table PAGE (1...9)
LSN:23 CMD:<domain> = Add the <domain> to the blacklist
LSN:24 CMD:<domain> = Remove the <domain> from the blacklist
LSN:25 CMD:<FQDN> = Test the FQDN against the blacklist
LSN:29 = Print blacklist status
LSN:40 CMD:<PAGE> = Show the FQDN log table PAGE (1...9)
LSN:41 CMD:<PAGE> = Show the FQDN log table PAGE (1...9) with ageing order
LSN:42 CMD:<PAGE> = Show the FQDN log hash table PAGE (1...9)
LSN:43 CMD:<FQDN> = Add the <FQDN> to the log table
LSN:47 = Clear FQDN log list
LSN:48 = Show FQDN log statistics
LSN:49 = Clear FQDN log statistics
![[Note]](../images/note.png) | Note |
|---|---|
To use these commands you need to have administrator or super user rights. |
Example: Type the following command to do a reverse IP lookup query.
[15:03:53] ABILIS_CPX:debug res:dns lsn:3 cmd:8.8.8.8
RES:Dns -----------------------------------------------------------------------
Domain_Name_System
BufferLength:64512 Date/Time:02/08/2016 15:05:09 TraceTime:99852319
Host: 8.8.8.8
Name: google-public-dns-a.google.com| |  | |
| 31.5. DNS Blacklist (Web filter) |  | Chapter 32. DDNS - Dynamic DNS |