| Measurement |
Description |
Measurement Unit |
Interpretation |
| ipv4_req |
Indicates the number of IPv4 requests received by BIND DNS. |
Number |
These are good measures of the current workload of BIND DNS. |
| ipv6_req |
Indicates the number of IPv6 requests received by BIND DNS. |
Number |
| success_ans |
Indicates the number of query which returns a NOERROR response. |
Number |
A high value is desired for this measure. |
| auth_ans |
Indicates the number of queries that obtained response from the name servers, that have been configured by an original source. |
Number |
An authoritative name server provides actual answer to your DNS queries such as - mail server IP address or web site IP address (A resource record). It provides original and definitive answers to DNS queries. It does not provide just cached answers that were obtained from another name server. Therefore it only returns answers to queries about domain names that are installed in its configuration system.
The value of this measure represents the count of queries that were processed by authoritative name servers. |
| non_auth_ans |
Indicates the number of queries that obtain response from the Non-Authoritative name servers. |
Number |
|
| nxrrset |
Indicates the number of queries for which the name server returned the response NXRRSET. |
Number |
The value of this measure denotes the number of queries the name server handled that resulted in responses saying that the type of record the querier requested did not exist for the domain name it specified.
Ideally, the value of this measure should be 0. |
| serv_fail |
Indicates the number of queries that resulted in SERVFAIL error. |
Number |
The value of this measure indicates the number of queries that the server failed to complete because of errors when communicating with the delegated name server.
Ideally, the value of this measure should be 0. |
| nx_domain |
Indicates the number of queries that resulted in NXDOMAIN error. |
Number |
The NXDOMAIN error occurs when the domain name queried does not exist.
Ideally, the value of this measure should be 0. |
| ref_ans |
Indicates the number of queries that resulted in a referral answer. |
Number |
The term referral indicates a response to a query which does not contain an answer section (it is empty) but which contains one or more authoritative name servers that are closer to the required query question. |
| dup_ans |
Indicates the number of queries which the server attempted to recurse, but discovered an existing query with the same IP address, port, query ID, name, type and class already being processed. |
Number |
|
| tcp_req |
Indicates the number of TCP requests received. |
Number |
|
| auth_query |
Indicates the number of authoritative queries rejected. |
Number |
Ideally, these measures should report the value 0. |
| recur_query |
Indicates the number of recursive queries rejected. |
Number |
| update_reject |
Indicates the number of update requests rejected. |
Number |
| resp_sent |
Indicates the number of responses sent. |
Number |
| query_drop |
Indicates the number of recursive queries dropped as there exists an excessive number of queries of same name, type and class. |
Number |
Ideally, the value of this measure should be 0. |
| other_query_fail |
Indicates the number of other query failures. |
Number |
Ideally, the value of this measure should be 0. |
| query_recur |
Indicates the number of NS records that pointed to an incorrect host. |
Number |
A recursive query is one which the server attempts to service using its local cache. If it cannot find an answer, it will query other DNS servers until it finds the answer. The server will then respond to the original query with the results from each server's query.
Ideally, the value of this measure should be 0 - i.e., recursion should be disabled. This is because, servers that support recursive queries are vulnerable to fake requests from a spoofed IP address (the victim of the attack). The spoofed IP address can get overwhelmed by the number of DNS results it receives and be unable to serve regular Internet traffic. This is called an Amplifier attack because this method takes advantage of DNS servers to reflect the attack onto a target while also amplifying the volume of packets sent to the victim.
A consequence of this activity is that third party Network administrators who detect these requests may block your IP addresses. Your server could even be placed upon DNS blacklists. |
| ends_req |
Indicates the number of EDNS(0) messages received. |
Number |
Extension mechanisms for DNS (EDNS) is a specification for expanding the size of several parameters of the Domain Name System (DNS) protocol which had size restrictions that the Internet engineering community deemed too limited for increasing functionality of the protocol.
EDNS adds information to DNS messages in the form of pseudo-Resource Records (“pseudo-RRs”) included in the “additional data” section of a DNS message. Note that this section exists in both requests and responses.
EDNS introduces a single pseudo-RR type: OPT. As pseudo-RRs, OPT type RRs never appear in any zone file; they exist only in messages, fabricated by the DNS participants.
The OPT pseudo-record provides space for up to 16 flags and it extends the space for the response code. The overall size of the UDP packet and the version number (at present 0) are contained in the OPT record. A variable length data field allows further information to be registered in future versions of the protocol. |
| ends_resp |
Indicates the number of EDNS(0) messages sent. |
Number |