static const oid taskQueuePushedOID[] = { RECURSOR_STATS_OID, 105 };
static const oid taskQueueExpiredOID[] = { RECURSOR_STATS_OID, 106 };
static const oid taskQueueSizeOID[] = { RECURSOR_STATS_OID, 107 };
+static const oid aggressiveNSECCacheEntriesOID[] = { RECURSOR_STATS_OID, 108 };
+static const oid aggressiveNSECCacheNSECHitsOID[] = { RECURSOR_STATS_OID, 109 };
+static const oid aggressiveNSECCacheNSEC3HitsOID[] = { RECURSOR_STATS_OID, 110 };
+static const oid aggressiveNSECCacheNSECWCHitsOID[] = { RECURSOR_STATS_OID, 111 };
+static const oid aggressiveNSECCacheNSEC3WCHitsOID[] = { RECURSOR_STATS_OID, 112 };
static std::unordered_map<oid, std::string> s_statsMap;
registerCounter64Stat("tasqueue-pushed", taskQueuePushedOID, OID_LENGTH(taskQueuePushedOID));
registerCounter64Stat("taskqueue-expired", taskQueueExpiredOID, OID_LENGTH(taskQueueExpiredOID));
registerCounter64Stat("taskqueue-size", taskQueueSizeOID, OID_LENGTH(taskQueueSizeOID));
+ registerCounter64Stat("aggressive-nsec-cache-entries", aggressiveNSECCacheEntriesOID, OID_LENGTH(aggressiveNSECCacheEntriesOID));
+ registerCounter64Stat("aggressive-nsec-cache-nsec-hits", aggressiveNSECCacheNSECHitsOID, OID_LENGTH(aggressiveNSECCacheNSECHitsOID));
+ registerCounter64Stat("aggressive-nsec-cache-nsec3-hits", aggressiveNSECCacheNSEC3HitsOID, OID_LENGTH(aggressiveNSECCacheNSEC3HitsOID));
+ registerCounter64Stat("aggressive-nsec-cache-nsec-wc-hits", aggressiveNSECCacheNSECWCHitsOID, OID_LENGTH(aggressiveNSECCacheNSECWCHitsOID));
+ registerCounter64Stat("aggressive-nsec-cache-nsec-wc3-hits", aggressiveNSECCacheNSEC3WCHitsOID, OID_LENGTH(aggressiveNSECCacheNSEC3WCHitsOID));
#endif /* HAVE_NET_SNMP */
}
#include "responsestats.hh"
#include "rec-lua-conf.hh"
+#include "aggressive_nsec.hh"
#include "validate-recursor.hh"
#include "filterpo.hh"
addGetStat("packetcache-misses", doGetPacketCacheMisses);
addGetStat("packetcache-entries", doGetPacketCacheSize);
addGetStat("packetcache-bytes", doGetPacketCacheBytes);
-
+
+ addGetStat("aggressive-nsec-cache-entries", [](){ return g_aggressiveNSECCache ? g_aggressiveNSECCache->getEntriesCount() : 0; });
+ addGetStat("aggressive-nsec-cache-nsec-hits", [](){ return g_aggressiveNSECCache ? g_aggressiveNSECCache->getNSECHits() : 0; });
+ addGetStat("aggressive-nsec-cache-nsec3-hits", [](){ return g_aggressiveNSECCache ? g_aggressiveNSECCache->getNSEC3Hits() : 0; });
+ addGetStat("aggressive-nsec-cache-nsec-wc-hits", [](){ return g_aggressiveNSECCache ? g_aggressiveNSECCache->getNSECWildcardHits() : 0; });
+ addGetStat("aggressive-nsec-cache-nsec3-wc-hits", [](){ return g_aggressiveNSECCache ? g_aggressiveNSECCache->getNSEC3WildcardHits() : 0; });
+
addGetStat("malloc-bytes", doGetMallocated);
addGetStat("servfail-answers", &g_stats.servFails);
REVISION "202002170000Z"
DESCRIPTION "Added proxyProtocolInvalid metric."
+ REVISION "202101050000Z"
+ DESCRIPTION "Added Aggressive NSEC cache metrics."
+
::= { powerdns 2 }
powerdns OBJECT IDENTIFIER ::= { enterprises 43315 }
"Number of tasks currenlty in the taskqueues"
::= { stats 107 }
+aggressiveNSECCacheEntries OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of entries in the aggressive NSEC cache"
+ ::= { stats 108 }
+
+aggressiveNSECCacheNSECHits OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of NSEC-related hits from the aggressive NSEC cache"
+ ::= { stats 109 }
+
+aggressiveNSECCacheNSEC3Hits OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of NSEC3-related hits from the aggressive NSEC cache"
+ ::= { stats 110 }
+
+aggressiveNSECCacheNSECWcHits OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of answers synthesized from the NSEC aggressive cache"
+ ::= { stats 111 }
+
+aggressiveNSECCacheNSEC3WcHits OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of answers synthesized from the NSEC3 aggressive cache"
+ ::= { stats 112 }
+
---
--- Traps / Notifications
---
nodLookupsDroppedOversize,
taskQueuePushed,
taskQueueExpired,
- taskQueueSize
+ taskQueueSize,
+ aggressiveNSECCacheEntries,
+ aggressiveNSECCacheNSECHits,
+ aggressiveNSECCacheNSEC3Hits,
+ aggressiveNSECCacheNSECWcHits,
+ aggressiveNSECCacheNSEC3WcHits
}
STATUS current
DESCRIPTION "Objects conformance group for PowerDNS Recursor"
entry->d_entries.insert({record.d_content, signatures, owner, std::move(next), record.d_ttl});
}
}
+ ++d_entriesCount;
}
bool AggressiveNSECCache::getNSECBefore(time_t now, std::shared_ptr<AggressiveNSECCache::ZoneEntry>& zoneEntry, const DNSName& name, ZoneEntry::CacheEntry& entry) {
if (it->d_ttd <= now) {
idx.erase(it);
+ --d_entriesCount;
return false;
}
if (it->d_ttd <= now) {
idx.erase(it);
+ --d_entriesCount;
return false;
}
/* and of course we won't deny the wildcard either */
LOG("Synthesized valid answer from NSEC3s and wildcard!"<<endl);
+ ++d_nsec3WildcardHits;
return true;
}
addRecordToRRSet(now, nsec.d_owner, QType::NSEC3, nsec.d_ttd - now, nsec.d_record, nsec.d_signatures, doDNSSEC, ret);
LOG("Synthesized valid answer from NSECs and wildcard!"<<endl);
+ ++d_nsecWildcardHits;
return true;
}
}
LOG(": done!"<<endl);
+ ++d_nsec3Hits;
res = RCode::NoError;
addToRRSet(now, soaSet, soaSignatures, zoneEntry->d_zone, doDNSSEC, ret);
addRecordToRRSet(now, exactNSEC3.d_owner, QType::NSEC3, exactNSEC3.d_ttd - now, exactNSEC3.d_record, exactNSEC3.d_signatures, doDNSSEC, ret);
addRecordToRRSet(now, wcEntry.d_owner, QType::NSEC3, wcEntry.d_ttd - now, wcEntry.d_record, wcEntry.d_signatures, doDNSSEC, ret);
LOG("Found valid NSEC3s covering the requested name and type!"<<endl);
+ ++d_nsec3Hits;
return true;
}
}
LOG("Found valid NSECs covering the requested name and type!"<<endl);
+ ++d_nsecHits;
return true;
}
void insertNSEC(const DNSName& zone, const DNSName& owner, const DNSRecord& record, const std::vector<std::shared_ptr<RRSIGRecordContent>>& signatures, bool nsec3);
bool getDenial(time_t, const DNSName& name, const QType& type, std::vector<DNSRecord>& ret, int& res, const ComboAddress& who, const boost::optional<std::string>& routingTag, bool doDNSSEC);
- //bool getBestZoneInfo(DNSName& lookup, bool& nsec3, std::string& salt, uint16_t& iterations);
//void removeZoneInfo(const DNSName& zone);
+ uint64_t getEntriesCount() const
+ {
+ return d_entriesCount;
+ }
+
+ uint64_t getNSECHits() const
+ {
+ return d_nsecHits;
+ }
+
+ uint64_t getNSEC3Hits() const
+ {
+ return d_nsec3Hits;
+ }
+
+ uint64_t getNSECWildcardHits() const
+ {
+ return d_nsecWildcardHits;
+ }
+
+ uint64_t getNSEC3WildcardHits() const
+ {
+ return d_nsec3WildcardHits;
+ }
+
private:
struct ZoneEntry
SuffixMatchTree<std::shared_ptr<ZoneEntry>> d_zones;
ReadWriteLock d_lock;
+ std::atomic<uint64_t> d_entriesCount{0};
+ std::atomic<uint64_t> d_nsecHits{0};
+ std::atomic<uint64_t> d_nsec3Hits{0};
+ std::atomic<uint64_t> d_nsecWildcardHits{0};
+ std::atomic<uint64_t> d_nsec3WildcardHits{0};
};
Also note that unauthorized-tcp and unauthorized-udp packets do not end up in the 'questions' count.
+aggressive-nsec-cache-entries
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. versionadded:: 4.5
+
+number of entries in the aggressive NSEC cache
+
+aggressive-nsec-cache-nsec-hits
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. versionadded:: 4.5
+
+number of negative answers generated from NSEC entries by the aggressive NSEC cache
+
+aggressive-nsec-cache-nsec3-wc-hits
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. versionadded:: 4.5
+
+number of answers synthesized from NSEC entries and wildcards by the NSEC aggressive cache
+
+aggressive-nsec-cache-nsec3-wc-hits
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. versionadded:: 4.5
+
+number of answers synthesized from NSEC entries and wildcards by the NSEC3 aggressive cache
+
all-outqueries
^^^^^^^^^^^^^^
counts the number of outgoing UDP queries since starting
projects / thirdparty / pdns.git / commitdiff
