Find out how many DNS Queries/month via WHM or SSH?

Solution 1:

As AndyN says, the answer here is:

sudo rndc stats

When you run this (if configured in the named.conf files) Bind will dump out statistical information to a configured statistics file.

You need to check the /etc/bind/named.conf.* files for the following line:

 [ statistics-file "path_name"; ]

(On Ubuntu it's named.conf.options and the path is /var/run/named/named.stats)

From your question it seems that you need to know an approximate number of DNS queries for scaling purposes. You should be able to get a rough idea of this from the file.

Run sudo rndc stats

Then after a suitable time (a few hours? a few days?) run it again.

In your statistics file you'll see the following (this is from my own home DNS server - which is both a caching resolver and authoritative).

Apologies for the large amount of info... The number in the first line is in "Epoch time" (seconds since 1970-1-1 00:00 UTC). Using this you can work out the difference in time from one "rndc stats" to the next and also the different number of requests (you'll want to be looking at Incoming "QUERY" and Outgoing totals (A + NS + SOA + PTR + TXT + AAAA).

+++ Statistics Dump +++ (1275999954)
++ Incoming Requests ++
                432 QUERY
++ Incoming Queries ++
                 306 A
                   2 NS
                   4 SOA
                  45 PTR
                   5 TXT
                  70 AAAA
++ Outgoing Queries ++
[View: default]
                 523 A
                   4 NS
                   4 SOA
                  42 PTR
                   9 TXT
                 330 AAAA
[View: _bind]
++ Name Server Statistics ++
                 432 IPv4 requests received
                 431 responses sent
                 259 queries resulted in successful answer
                  96 queries resulted in authoritative answer
                 335 queries resulted in non authoritative answer
                  39 queries resulted in nxrrset
                 133 queries resulted in NXDOMAIN
                 238 queries caused recursion
                   1 duplicate queries received
++ Zone Maintenance Statistics ++
++ Resolver Statistics ++
[Common]
[View: default]
                 849 IPv4 queries sent
                  63 IPv6 queries sent
                 841 IPv4 responses received
                  67 NXDOMAIN received
                   2 FORMERR received
                   2 EDNS(0) query failures
                 123 query retries
                   5 query timeouts
                 118 IPv4 NS address fetches
                 118 IPv6 NS address fetches
                   1 IPv4 NS address fetch failed
                  90 IPv6 NS address fetch failed
                  13 queries with RTT < 10ms
                 549 queries with RTT 10-100ms
                 279 queries with RTT 100-500ms
[View: _bind]
++ Cache DB RRsets ++
[View: default]
                 366 A
                  87 NS
                   9 CNAME
                   1 PTR
                  97 AAAA
                  20 RRSIG
                  15 NSEC
                   4 !AAAA
                   1 NXDOMAIN
[View: _bind]
++ Socket I/O Statistics ++
                 852 UDP/IPv4 sockets opened
                  64 UDP/IPv6 sockets opened
                   3 TCP/IPv4 sockets opened
                   2 TCP/IPv6 sockets opened
                 850 UDP/IPv4 sockets closed
                  63 UDP/IPv6 sockets closed
                 123 TCP/IPv4 sockets closed
                   1 UDP/IPv4 socket bind failures
                  63 UDP/IPv6 socket connect failures
                 849 UDP/IPv4 connections established
                 124 TCP/IPv4 connections accepted
                  63 UDP/IPv6 send errors
                   3 UDP/IPv4 recv errors
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1275999954)

Solution 2:

The command "rndc stats" should work with recent versions of BIND dns.

According to DistroWatch, CentOS 5.5 shipped with Bind 9.3.4-P1. OP can verify this from the command line with "rpm -qa | grep bind".

Solution 3:

AndyN's "rndc stats" (if you happen to run BIND) and kaerast's "dnstop" are good advices. I add DSC which is a very comprehensive package for DNS stats.

Solution 4:

Your first step should be to see if the DNS server software can handle this natively, possibly by outputting a logfile which you can analyse elsewhere. Failing that you could use Dnstop which provides a top-like output of dns queries being made by monitoring the network traffic. It'll not only give you stats on the top requests, top requesters, and query types but it also gives a count of how many requests have been made in total.

An alternative is to use Ntop to measure your network traffic in general. It won't give you the same detailed accurate output as Dnstop, but it will give you an idea as to how much dns traffic you are seeing and it will also measure how much other traffic you are getting which might be useful for other capacity planning.

Solution 5:

Warning: this generates some huge logs if your server is busy, keep an eye on your space.

First in your /etc/named.conf enable the 'queries' channel to get a log; a concise example:

logging {
  channel queries_channel {
        file "/var/log/named/queries.log" versions 5 size 500m;
        print-time yes;
  };
  category queries { queries_channel; }
}

Note how that will keep 5 versions (rotated logs) at 500 meg -- adjust as needed to capture the amount of data you need. Now that you have logs, Google "bind query statistics" to find a tool or software that best meets your needs to find out the numbers in question. One of the ones I know about that supports both BIND v8 and v9 formats is http://www.logreport.org/ .