Operating statistics provided by BIND statistics channels
  • 25 Sep 2018
  • 4 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Operating statistics provided by BIND statistics channels

  • Dark
    Light
  • PDF

Article Summary

BIND listens for queries on Port 53. It listens for communication from RNDC on port 953. And it can be configured to listen for statistics requests on another port, typically port 80. 

To configure BIND so that it will offer statistics to clients that connect looking for them, you must enable statistics channels in the BIND configuration file. Enter something like this:

    statistics-channels {
         inet 10.0.0.1 port 80 allow {my_nets;};
         inet 192.168.1.1 port 8080 allow {any;};
    };

With BIND using that configuration information, a client connecting to port 80 at 10.0.0.1 or to port 8080 at 192.168.1.1 can use the HTTP protocol to receive statistics. The format in which the statistics are delivered depends on the URI presented by the client. Statistics are available in XML and now JSON formats. Versions of BIND earlier than 9.10 offered more than one format for XML statistics. Starting with BIND 9.10 only the "new" or "v3" format is supported. An XML-format reply from a statistics channel will be prefixed with a link to a CSS stylesheet that enables a CSS-compliant browser to display the XML file in a graphical format.

A simple browser connection to http://10.0.0.1/ (assuming the above configuration) will deliver a web page of various statistics. See the ARM for information on refining the received statistics by using a more intricate URI. The statistics channel now also includes many new statistics, including stats for the resolver, cache, address database, dispatch manager and task manager, which collectively can be used to monitor server health.

The full explanation of the statistics mechanism and how to interpret its results can be found in the BIND 9.10 ARM in Section 6.4; the full instructions for configuring and controlling the statistics mechanism are in the BIND 9.10 ARM in Section 6.2.20. 

Enabling the statistics channel in BIND

To use the statistics channel, you must first ensure that BIND has been built with the necessary "libxml2" runtime library included. All current distributions of BIND for Windows available from ISC were built with this included. For other systems, you need to build BIND with libxml2 support by specifying --with-libxml2 when running ./configure.  For example:

./configure --with-openssl --enable-threads --with-libxml2

Make sure that you have both libxml2 and its headers files installed
The build will apparently succeed, but it will not be possible to use the statistics channel (and if configured, named will give a warning on start-up) unless both are present and named knows where to find them. In many environments, this means that you need both libxml2 and libxml2-dev packages installed.

If you want to take advantage of the JSON formatted statistics, you will need to add libjson to the build:

./configure --with-openssl --enable-threads --with-libjson

Make sure that you have both libjson and its headers files installed
The build will apparently succeed, but it will not be possible to use JSON statistics channel. In many environments, particularly when installing via a package manager, you will need both libjson and libjson-dev packages installed in order to provide the necessary header files for the BIND build.

Next, you need to add the necessary configuration to named.conf , for example:

statistics-channels {
     inet 10.1.10.10 port 8080 allow { 192.168.2.10; 10.1.10.2; };
     inet 127.0.0.1 port 8080 allow { 127.0.0.1; };
};

The syntax for this statement is defined in the BIND Administrator's Reference Manual (distributed in electronic form with BIND and also available here in our KB at An Overview of BIND 9 Documentation) and allows flexible control over which machines may query for the statistics information. The example given above configures BIND to listen on two separate interfaces (10.1.10.10 and 127.0.0.1) and allow queries only from source IPs that match a specified address match list.

Statistics are not collected on a per-zone basis by default. If you wish per-zone statistics, you can specify them on a zone-by-zone basis using the "zone-statistics yes;" statement inside a zone declaration or make the same declaration in the global options to enable zone statistics for all defined zones.  For example:

zone "example.net" in {
     type master; 
     file "master/example.net";
     zone-statistics yes;
};

BIND 9 provides a basic xml stylesheet bind9.xsl which is accessible automatically once you have configured statistics-channels and are connecting from an allowed client.

So now that you have both the functionality and the configuration, you can view the statistics via a stylesheet-capable web browser (for example, if your nameserver is at 192.168.2.13 and you have instructed the server to listen on that interface on port 8080, navigate to http://192.168.2.13:8080/). A graphic browser is not the only intended method for checking; any script or application that can use HTTP to access the statistics interface can collect the xml file directly if the origin of the request matches the permissions defined in the statistics-channels configuration block. You can also create your own stylesheet.

Examples of XML-format statistics can be found towards the end of the article Using BIND's XML statistics-channels.