- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics

author Ralph Dolmans <ralph@nlnetlabs.nl>

Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)

committer Ralph Dolmans <ralph@nlnetlabs.nl>

Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)
author Ralph Dolmans <ralph@nlnetlabs.nl>
Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)
committer Ralph Dolmans <ralph@nlnetlabs.nl>
Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)
diff --git a/daemon/remote.c b/daemon/remote.c

index ab50e0d9125ac0afc7679db1111a1652a6c83ad1..11c3cf34cc74f1c1233916f3e0e4b74e6e0f072c 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1051,6 +1051,10 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
                 (unsigned long)s->svr.ans_bogus)) return 0;
         if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", 
                 (unsigned long)s->svr.rrset_bogus)) return 0;
+       if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n", 
+               (unsigned long)s->svr.num_neg_cache_noerror)) return 0;
+       if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n", 
+               (unsigned long)s->svr.num_neg_cache_nxdomain)) return 0;
         /* threat detection */
         if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", 
                 (unsigned long)s->svr.unwanted_queries)) return 0;
diff --git a/daemon/stats.c b/daemon/stats.c

index 5c31caec731132f5eccd2a4e3cf45065cf5e45a2..d278a6b1de0496628535b08615d8a7d5ad0b2956 100644 (file)
--- a/daemon/stats.c
+++ b/daemon/stats.c
@@ -62,6 +62,7 @@
  #include "services/cache/infra.h"
  #include "services/authzone.h"
  #include "validator/val_kcache.h"
+#include "validator/val_neg.h"
  
  /** add timers and the values do not overflow or become negative */
  static void
@@ -123,6 +124,30 @@ void server_stats_log(struct ub_server_stats* stats, struct worker* worker,
                 (unsigned)worker->env.mesh->stats_jostled);
  }
  
+/** Set the neg cache stats. */
+static void
+set_neg_cache_stats(struct worker* worker, struct ub_server_stats* svr,
+       int reset)
+{
+       int m = modstack_find(&worker->env.mesh->mods, "validator");
+       struct val_env* ve;
+       struct val_neg_cache* neg;
+       if(m == -1)
+               return;
+       ve = (struct val_env*)worker->env.modinfo[m];
+       if(!ve->neg_cache)
+               return;
+       neg = ve->neg_cache;
+       lock_basic_lock(&neg->lock);
+       svr->num_neg_cache_noerror = neg->num_neg_cache_noerror;
+       svr->num_neg_cache_nxdomain = neg->num_neg_cache_nxdomain;
+       if(reset && !worker->env.cfg->stat_cumulative) {
+               neg->num_neg_cache_noerror = 0;
+               neg->num_neg_cache_nxdomain = 0;
+       }
+       lock_basic_unlock(&neg->lock);
+}
+
  /** get rrsets bogus number from validator */
  static size_t
  get_rrset_bogus(struct worker* worker, int reset)
@@ -274,6 +299,9 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
                 lock_rw_unlock(&worker->env.auth_zones->lock);
         }
  
+       /* Set neg cache usage numbers */
+       set_neg_cache_stats(worker, &s->svr, reset);
+
         /* get tcp accept usage */
         s->svr.tcp_accept_usage = 0;
         for(lp = worker->front->cps; lp; lp = lp->next) {
diff --git a/doc/Changelog b/doc/Changelog

index 294300e8855fa18e81a0e8fa0d4e499e09330cad..f1d10ce62423c368b81cff4909d70132b0e37806 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+10 April 2018: Ralph
+       - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
+         statistics counters.
+
  10 April 2018: Wouter
         - documentation for low-rtt and low-rtt-pct.
  
diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in

index a8b5a599baa472c1959dc0385e79f5bf7bbc50eb..887441196827dea353466dd4b85eba57b07897a9 100644 (file)
--- a/doc/unbound-control.8.in
+++ b/doc/unbound-control.8.in
@@ -611,6 +611,16 @@ the internet, but are now answered from the auth zone.
  The number of queries for downstream answered from auth\-zone data.
  These queries are from downstream clients, and have had an answer from
  the data in the auth zone.
+.TP
+.I num.query.aggressive.NOERROR
+The number of queries answered using cached NSEC records with NODATA RCODE.
+These queries would otherwise have been sent to the internet, but are now
+answered using cached data.
+.TP
+.I num.query.aggressive.NXDOMAIN
+The number of queries answered using cached NSEC records with NXDOMAIN RCODE.
+These queries would otherwise have been sent to the internet, but are now
+answered using cached data.
  .SH "FILES"
  .TP
  .I @ub_conf_file@
diff --git a/libunbound/unbound.h b/libunbound/unbound.h

index aa195a87a774b737cb22ccc95000061edf362610..fbd69cab0e71461166bba15bf4855c184210deb4 100644 (file)
--- a/libunbound/unbound.h
+++ b/libunbound/unbound.h
@@ -751,6 +751,12 @@ struct ub_server_stats {
         long long num_query_authzone_up;
         /** number of queries for unbound's auth_zones, downstream answers */
         long long num_query_authzone_down;
+       /** number of times neg cache records were used to generate NOERROR
+        * responses. */
+       long long num_neg_cache_noerror;
+       /** number of times neg cache records were used to generate NXDOMAIN
+        * responses. */
+       long long num_neg_cache_nxdomain;
  };
  
  /** 
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c

index 306b599000d2c4a5e487c6a7e3f44e7aa925cdd8..afb764d46a302250c7ecf9860293106e439e584e 100644 (file)
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -349,6 +349,8 @@ static void print_extended(struct ub_stats_info* s)
         PR_UL("num.answer.secure", s->svr.ans_secure);
         PR_UL("num.answer.bogus", s->svr.ans_bogus);
         PR_UL("num.rrset.bogus", s->svr.rrset_bogus);
+       PR_UL("num.query.aggressive.NOERROR", s->svr.num_neg_cache_noerror);
+       PR_UL("num.query.aggressive.NXDOMAIN", s->svr.num_neg_cache_nxdomain);
         /* threat detection */
         PR_UL("unwanted.queries", s->svr.unwanted_queries);
         PR_UL("unwanted.replies", s->svr.unwanted_replies);
diff --git a/validator/val_neg.c b/validator/val_neg.c

index 54123814830757cbe3105b6dc2ad537f5e3ba6de..c494a6be637f45ccd72c819efc3546ad8ca5a9be 100644 (file)
--- a/validator/val_neg.c
+++ b/validator/val_neg.c
@@ -1515,6 +1515,10 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                         return NULL;
                 if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL))
                         return NULL;
+
+               lock_basic_lock(&neg->lock);
+               neg->num_neg_cache_noerror++;
+               lock_basic_unlock(&neg->lock);
                 return msg;
         } else if(nsec && val_nsec_proves_name_error(nsec, qinfo->qname)) {
                 if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, 
@@ -1578,7 +1582,7 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                                         rcode = LDNS_RCODE_NXDOMAIN;
                                 else if(!nsec_proves_nodata(wcrr, &wc_qinfo,
                                         &nodata_wc) || nodata_wc)
-                                       /* &nodata_wc shoudn't be set, wc_qinfo
+                                       /* &nodata_wc shouldn't be set, wc_qinfo
                                          * already contains wildcard domain. */
                                         /* NSEC doesn't prove anything for
                                          * wildcard. */
@@ -1595,6 +1599,14 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                 if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL))
                         return NULL;
  
+               /* Increment statistic counters */
+               lock_basic_lock(&neg->lock);
+               if(rcode == LDNS_RCODE_NOERROR)
+                       neg->num_neg_cache_noerror++;
+               else if(rcode == LDNS_RCODE_NXDOMAIN)
+                       neg->num_neg_cache_nxdomain++;
+               lock_basic_unlock(&neg->lock);
+
                 FLAGS_SET_RCODE(msg->rep->flags, rcode);
                 return msg;
         }
diff --git a/validator/val_neg.h b/validator/val_neg.h

index 00dad6df1f5c277abadd3a4337d60e69375fdde4..877f5c944747b1b35d195d673ebebe788c0e677c 100644 (file)
--- a/validator/val_neg.h
+++ b/validator/val_neg.h
@@ -80,6 +80,12 @@ struct val_neg_cache {
         size_t max;
         /** max nsec3 iterations allowed */
         size_t nsec3_max_iter;
+       /** number of times neg cache records were used to generate NOERROR
+        * responses. */
+       size_t num_neg_cache_noerror;
+       /** number of times neg cache records were used to generate NXDOMAIN
+        * responses. */
+       size_t num_neg_cache_nxdomain;
  };
  
  /**
author	Ralph Dolmans <ralph@nlnetlabs.nl>
	Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)
committer	Ralph Dolmans <ralph@nlnetlabs.nl>
	Tue, 10 Apr 2018 11:39:23 +0000 (11:39 +0000)
daemon/remote.c		patch \| blob \| blame \| history
daemon/stats.c		patch \| blob \| blame \| history
doc/Changelog		patch \| blob \| blame \| history
doc/unbound-control.8.in		patch \| blob \| blame \| history
libunbound/unbound.h		patch \| blob \| blame \| history
smallapp/unbound-control.c		patch \| blob \| blame \| history
validator/val_neg.c		patch \| blob \| blame \| history
validator/val_neg.h		patch \| blob \| blame \| history