On 09. 05. 22 12:06, Alex K wrote:
Hi Greg,
On Mon, May 9, 2022 at 11:17 AM Greg Choules
<gregchoules+bindus...@googlemail.com
<mailto:gregchoules%2bbindus...@googlemail.com>> wrote:
Hi Alex.
Your use case may be very different to the one I faced in my
previous job. But there we did not and could not charge for DNS. It
was seen as a necessary but free resource.
If you *really* want to account for how many queries clients are
making, a quick and dirty solution is enabling querylog, BUT be
warned it causes a lot more load on the system. The better tool
would be DNStap.
I would rather prefer to avoid enabling query logs. One other thing I
was thining is to just see if bind9 logs the cache hit ratio in the
stats and use that as as rough coefficient for the internal client
traffic accounting.
There is bunch of data available in the statistics channel:
https://bind9.readthedocs.io/en/latest/reference.html#statistics-counters
Beware:
It might give you only a very rough estimate, like, "is cache hit rate
on average 0, 1/10, 1/2, or 9/10".
It is good enough to detect that a client engaged in a random subdomain
attacks and you need to look into traffic, but that's about it.
--
Petr Špaček
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
