bind – dump cache, how much memory might be occupied by the query cache

It is difficult to understand how BIND manages the occupied memory of your server. And most of the problems for DNS forwarders are the memory related – it grows enormously and if you try limiting it you might end up with a DNS server dropping some connections.
So if you have a DNS BIND9 server (especially a forwarder) you can dump the query cache into a file and see the size of the file. Such you might get the tentative memory usage of your BIND9 server.

rdnc dumpdb

To dump the query cache.

A real world example. Always include “-all” to be sure all the cache is dumped in the file!

root@srv1 # rndc dumpdb -all
root@srv1 # ls -altr /var/bind/
total 141596
drwxrwxr-x 2 bind bind      4096 Jan 25 00:56 pri
drwxrwxr-x 2 bind bind      4096 Jan 25 00:56 dyn
-rw-rwxr-- 1 bind bind      3289 Jan 25 00:58 root.cache
drwxr-xr-x 5 bind bind      4096 Feb 13 05:15 ..
drwxrwxr-x 2 bind bind     12288 May  7 10:00 sec
drwxrwxr-x 5 bind bind      4096 May  8 03:52 .
-rw-r--r-- 1 bind bind 144810299 May  8 03:56 named_dump.db

As you can see our dump file is around 139 Mbytes size, so you can expect at least 140 Mbytes of memory to be used for the BIND9 query cache. You can track in your case the footprint of named process and the size of the dump file.

Here is what you can find in the named_dump.db file:

; Zone dump of '10.10.10.in-addr.arpa/IN/america'
;
10.10.10.in-addr.arpa.                      86400 IN SOA      ns1.exa-ns5.com. wdns.exa-ns5.com. 2065407385 60 30 2419200 30
10.10.10.in-addr.arpa.                      1800 IN NS        ns1.exa-ns5.com.
10.10.10.in-addr.arpa.                      1800 IN NS        ns2.exa-ns5.com.
10.10.10.in-addr.arpa.                      1800 IN NS        ns4.exa-ns5.com.
10.10.10.in-addr.arpa.                      1800 IN NS        ns5.exa-ns5.com.
1.10.10.10.in-addr.arpa.                    86400 IN PTR      1.example.com.
2.10.10.10.in-addr.arpa.                    86400 IN PTR      2.example.com.
;
; Zone dump of '10.10.11.in-addr.arpa/IN/america'
;
10.10.11.in-addr.arpa.                      86400 IN SOA      ns1.exa-ns5.com. wdns.exa-ns5.com. 2065407385 60 30 2419200 30
10.10.11.in-addr.arpa.                      1800 IN NS        ns1.exa-ns5.com.
10.10.11.in-addr.arpa.                      1800 IN NS        ns2.exa-ns5.com.
10.10.11.in-addr.arpa.                      1800 IN NS        ns4.exa-ns5.com.
10.10.11.in-addr.arpa.                      1800 IN NS        ns5.exa-ns5.com.
18.10.10.11.in-addr.arpa.                   86400 IN PTR      ns1.exa-ns5.com.
19.10.10.11.in-addr.arpa.                   86400 IN PTR      ns2.exa-ns5.com.

; Zone dump of 'example.com/IN/america'
;
example.com.                                    180 IN SOA        ns1.exa-ns5.com. support.example.com. 2065407734 60 30 2419200 30
example.com.                                    1800 IN NS        ns1.exa-ns5.com.
example.com.                                    1800 IN NS        ns2.exa-ns5.com.
example.com.                                    1800 IN NS        ns4.exa-ns5.com.
example.com.                                    1800 IN NS        ns5.exa-ns5.com.
example.com.                                    180 IN MX         1 ASPMX.L.GOOGLE.COM.
example.com.                                    180 IN MX         5 ALT1.ASPMX.L.GOOGLE.COM.
example.com.                                    180 IN MX         5 ALT2.ASPMX.L.GOOGLE.COM.
example.com.                                    180 IN MX         10 ASPMX2.GOOGLEMAIL.COM.
example.com.                                    180 IN MX         10 ASPMX3.GOOGLEMAIL.COM.
*.210.example.com.                            180 IN A          10.10.10.10
*.2107.example.com.                           180 IN A          10.10.10.134
*.2109.example.com.                           180 IN A          10.10.10.138
*.2115.example.com.                           180 IN A          10.10.10.98
*.2117.example.com.                           180 IN A          10.10.10.99
*.2119.example.com.                           180 IN A          10.10.11.2
*.2131.example.com.                           180 IN A          10.10.11.6
*.2246.example.com.                           180 IN A          10.11.11.13
*.2260.example.com.                           180 IN A          10.11.12.184
*.2271.example.com.                           180 IN A          10.11.13.158
*.2298.example.com.                           180 IN A          10.11.14.14
*.2292.example.com.                           180 IN A          10.10.15.65
*.2296.example.com.                           180 IN A          10.10.10.100

Here is the syntax

You can dump only a zone or view.

  dumpdb [-all|-cache|-zones] [view ...]
                Dump cache(s) to the dump file (named_dump.db).

bind – dns server queries statistics with statistics-file

There is an option “statistics-file” in the BIND9 configuration for query statistics. It will give you statistics for

  • Incoming Requests – total number of queries
  • Incoming Queries – queries by record type
  • Outgoing Queries – queries by record type per view
  • Name Server Statistics – extended queries statistics by network connection type (UDP, TCP or IPv4 and IPv6 interface), by type of answer (authoritative, non authoritative and so on) and more
  • Zone Maintenance Statistics – transfer and system queries
  • Resolver Statistics – recursive queries
  • Cache DB RRsets – cached resources records sets
  • Socket I/O Statistics – statistics numbers for UDP, TCP (for both IPv4 and IPV6) sockets and connections opened, closed, failure
  • Per Zone Query Statistics – so you can see how many queries you have for a zone in a view (and the transfers if the server is a slave)

In named.conf:

options {
....
    statistics-file "/var/log/named.stats";
    zone-statistics yes ;
....

But if you check in /var/log this file might be missing even your BIND server has been running for months!

This is because the statistics and the file is generated on request and is a snapshot at the moment you do the request

To request from the BIND server to generate the file is pretty easy:

root@srv ~ # rndc stats
root@srv ~ #

No standard output and you should have the stats file generated:

root@srv ~ # ls -altr /var/log/named.stats 
-rw-r--r-- 1 named named 174997 Apr  7 01:43 /var/log/named.stats

The generated requests are appended in the file with a UNIX timestamp.

....
--- Statistics Dump --- (1550561292)
+++ Statistics Dump +++ (1551233218)
....

Keep on reading!