bind9 host-statistics

Author: Shapor Naghibzadeh <shapor@shapor.com>
Date: August 20, 2008

Overview

I've heard a few people asking about host-statistics support in bind9, so I thought I'd share the patch I recently coded to implement it. It is far less memory intensive than the bind8 implementation, as it only tracks a single "question count" per host.

It uses the same host-statistics and host-statistics-max options, as documented for bind8. Only IPv4 is supported, so all others queries (IPv6) will appear in the count for "0.0.0.0".

Output

The output is very similar to the old format, so if you have any automatic parsers for bind8 host-statistics output, they should work with little or no modification.

+++ Statistics Dump +++ (1219265892)
success 0
referral 0
nxrrset 0
nxdomain 0
recursion 4
failure 0
duplicate 0
dropped 0
++ Name Server Statistics ++
(Legend)
      TotalQ
[192.168.0.100]
   3
[192.168.0.102]
   1
--- Statistics Dump --- (1219265892)

Implementation

I implemented host-statistics using a hashed, unordered linked list to store the counters with host-ordered uint32's for the IP addresses, so it only needs 12 bytes of memory per IP tracked on a 32 bit machine, plus the negligible 8kB overhead of the 1024-entry hash table and locks. This comes out to only 12MB of memory to track queries 1 million unique clients.

However, if you wish to use this on a high traffic server with close to that many clients, you probably want to turn up the HOSTSTAT_HASHSIZE to something larger than 1k to reduce the overhead of walking the linked lists. It could also be made more efficient by storing the entries in order and using a binary search, but I didn't need this, so I didn't code it.

I also didn't care what the responses were, just where queries were coming from, so I only tracked total queries (as "TotalQ"). It would be fairly easy to add support for more counters, as the TotalQ counter is incremented in the same function which implements the other statistics counters.

Download

Download the bind9.host-statistics.patch against bind version 9.4.2-P2. It will probably also apply to other versions as well. Let me know how it works for you by emailing shapor@shapor.com.

Installation

This is pretty straightforward. You basically follow the same steps you would installing bind from source, just apply the patch after you untar the it. You may see some offsets as seen below, which is ok as long as it doesn't print FAILED.

$ http://ftp.isc.org/isc/bind9/9.4.3b2/bind-9.4.3b2.tar.gz
$ tar xzf bind-9.4.3b2.tar.gz
$ cd bind-9.4.3b2
$ patch -p1 </path/to/download/bind9.host-statistics.patch 
patching file bin/named/include/named/server.h
patching file bin/named/query.c
patching file bin/named/server.c
Hunk #1 succeeded at 2936 (offset 83 lines).
Hunk #2 succeeded at 3707 (offset 89 lines).
Hunk #3 succeeded at 3746 (offset 89 lines).
Hunk #4 succeeded at 4308 (offset 89 lines).
Hunk #5 succeeded at 4350 (offset 89 lines).
patching file lib/isccfg/namedconf.c
Hunk #1 succeeded at 670 (offset 52 lines).
$ ./configure && make

Notes

Posted to bind-users and bug-suggest lists in this thread August 20, 2008.

shapor.com