Statistics¶
dnsdist keeps statistics on the queries it receives and send out. They can be accessed in different ways:
- via the console (see Working with the dnsdist Console), using
dumpStats()for the general ones,showServers()for the ones related to the backends,showBinds()for the frontends, getPool(“pool name”):getCache():printStats() for the ones related to a specific cache and so on - via the internal webserver (see Built-in webserver) which includes a Prometheus endpoint
- via Carbon / Graphite / Metronome export (see Exporting statistics via Carbon)
- via SNMP (see SNMP support)
To make sense of the statistics, the following relation should hold:
queries - noncompliant-queries = responses - noncompliant-responses + downstream-timeouts + no-policy + rule-drop
Before 1.8.0, cache hits and self-answered responses were not accounted in the responses counters, so the relation was:
responses - noncompliant-responses + cache-hits + downstream-timeouts + self-answered + no-policy + rule-drop
Note that packets dropped by eBPF (see eBPF Socket Filtering) are accounted for in the eBPF statistics, and do not show up in the metrics described on this page.
Note that counters that come from /proc/net/ are operating system specific counters.
They do not reset on service restart and they are not only related to dnsdist.
For more information on these counters, refer to Linux networking
counter documentation
and the RFC1213.
acl-drops¶
The number of packets (or TCP messages) dropped because of the ACL. If a packet or message is dropped, it is not counted in the queries statistic.
cache-hits¶
Number of times a response was sent using data found in the packet cache.
cache-misses¶
Number of times an answer was not found in the packet cache. Only counted if a packet cache was setup for the selected pool.
cpu-iowait¶
New in version 1.5.0.
Time spent waiting for I/O to complete by the whole system, in units of USER_HZ.
cpu-steal¶
New in version 1.5.0.
Stolen time, which is the time spent by the whole system in other operating systems when running in a virtualized environment, in units of USER_HZ.
cpu-sys-msec¶
Milliseconds spent by dnsdist in the “system” state.
cpu-user-msec¶
Milliseconds spent by dnsdist in the “user” state.
doh-query-pipe-full¶
Number of queries dropped because the internal DoH pipe was full.
doh-response-pipe-full¶
Number of responses dropped because the internal DoH pipe was full.
doq-response-pipe-full¶
Number of responses dropped because the internal DoQ pipe was full.
downstream-send-errors¶
Number of errors when sending a query to a backend.
downstream-timeouts¶
Number of queries not answer in time by a backend.
dyn-block-nmg-size¶
Number of dynamic blocks entries.
dyn-blocked¶
Number of queries dropped because of a dynamic block.
empty-queries¶
Number of empty queries received from clients. Every empty-query is also counted as a query.
fd-usage¶
Number of currently used file descriptors.
frontend-noerror¶
Number of NoError answers sent to clients.
frontend-nxdomain¶
Number of NXDomain answers sent to clients.
frontend-servfail¶
Number of ServFail answers sent to clients.
latency-avg100¶
Average response latency in microseconds of the last 100 packets received over UDP.
latency-avg1000¶
Average response latency in microseconds of the last 1000 packets received over UDP.
latency-avg10000¶
Average response latency in microseconds of the last 10000 packets received over UDP.
latency-avg1000000¶
Average response latency in microseconds of the last 1000000 packets received over UDP.
latency-bucket¶
Histogram of response time latencies for queries received over UDP.
latency-count¶
Number of queries contributing to response time histogram and latency sum.
latency-doh-avg100¶
Average response latency, in microseconds, of the last 100 packets received over DoH.
latency-doh-avg1000¶
Average response latency, in microseconds, of the last 1000 packets received over DoH.
latency-doh-avg10000¶
Average response latency, in microseconds, of the last 10000 packets received over DoH.
latency-doh-avg1000000¶
Average response latency, in microseconds, of the last 1000000 packets received over DoH.
latency-doq-avg100¶
Average response latency, in microseconds, of the last 100 packets received over DoQ.
latency-doq-avg1000¶
Average response latency, in microseconds, of the last 1000 packets received over DoQ.
latency-doq-avg10000¶
Average response latency, in microseconds, of the last 10000 packets received over DoQ.
latency-doq-avg1000000¶
Average response latency, in microseconds, of the last 1000000 packets received over DoQ.
latency-dot-avg100¶
Average response latency, in microseconds, of the last 100 packets received over DoT.
latency-dot-avg1000¶
Average response latency, in microseconds, of the last 1000 packets received over DoT.
latency-dot-avg10000¶
Average response latency, in microseconds, of the last 10000 packets received over DoT.
latency-dot-avg1000000¶
Average response latency, in microseconds, of the last 1000000 packets received over DoT.
latency-slow¶
Number of queries received over UDP answered in more than 1 second.
latency-sum¶
Total response time of all queries received over UDP combined in milliseconds since the start of dnsdist. Can be used to calculate the average response time over all queries received over UDP.
latency-tcp-avg100¶
Average response latency, in microseconds, of the last 100 packets received over TCP.
latency-tcp-avg1000¶
Average response latency, in microseconds, of the last 1000 packets received over TCP.
latency-tcp-avg10000¶
Average response latency, in microseconds, of the last 10000 packets received over TCP.
latency-tcp-avg1000000¶
Average response latency, in microseconds, of the last 1000000 packets received over TCP.
latency0-1¶
Number of queries received over UDP answered in less than 1 ms.
latency1-10¶
Number of queries received over UDP answered in 1-10 ms.
latency10-50¶
Number of queries received over UDP answered in 10-50 ms.
latency50-100¶
Number of queries received over UDP answered in 50-100 ms.
latency100-1000¶
Number of queries received over UDP answered in 100-1000 ms.
no-policy¶
Number of queries dropped because no server was available.
noncompliant-queries¶
Number of queries dropped as non-compliant.
noncompliant-responses¶
Number of answers from a backend dropped as non-compliant.
outgoing-doh-query-pipe-full¶
Number of outgoing DoH queries dropped because the internal pipe used to distribute queries was full.
proxy-protocol-invalid¶
New in version 1.6.0.
Number of queries dropped because of an invalid Proxy Protocol header.
queries¶
Number of received queries.
rdqueries¶
Number of received queries with the recursion desired bit set.
real-memory-usage¶
Current memory usage.
responses¶
Number of response sent to clients.
Before 1.8.0, it was the number of responses received from backends, not accounting for cache hits or self-answered responses.
rule-drop¶
Number of queries dropped because of a rule.
rule-nxdomain¶
Number of NXDomain answers returned because of a rule.
rule-refused¶
Number of Refused answers returned because of a rule.
rule-servfail¶
Number of ServFail answers returned because of a rule.
security-status¶
The security status of dnsdist. This is regularly polled.
- 0 = Unknown status or unreleased version
- 1 = OK
- 2 = Upgrade recommended
- 3 = Upgrade required (most likely because there is a known security issue)
self-answered¶
Number of self-answered responses.
servfail-responses¶
Number of servfail answers received from backends.
tcp-cross-protocol-query-pipe-full¶
Number of TCP cross-protocol queries dropped because the internal pipe used to distribute queries was full.
tcp-cross-protocol-response-pipe-full¶
Number of TCP cross-protocol responses dropped because the internal pipe used to distribute queries was full.
tcp-query-pipe-full¶
Number of TCP queries dropped because the internal pipe used to distribute queries was full.
trunc-failures¶
Number of errors encountered while truncating an answer.
uptime¶
Uptime of the dnsdist process, in seconds.