- num.query.authzone.up and num.query.authzone.down statistics counters.

- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.

git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/Makefile.in b/Makefile.in
index 24a694289116446444ebc4195bba513024b1a0ec..8f970d1900ee8b0e7dd22d6484ea93f9109cf324 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -1228,7 +1228,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
  $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
  $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h
 unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
  $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
    $(srcdir)/daemon/remote.h \
@@ -1325,7 +1325,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
  $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
  $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h
 replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
  $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
   $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \

diff --git a/daemon/remote.c b/daemon/remote.c
index 47c0f40505d19036ed2ec5801dd8fd3479bf4ad1..ab50e0d9125ac0afc7679db1111a1652a6c83ad1 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1075,6 +1075,10 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
        if(!ssl_printf(ssl, "num.query.dnscrypt.replay"SQ"%lu\n",
                (unsigned long)s->svr.num_query_dnscrypt_replay)) return 0;
 #endif /* USE_DNSCRYPT */
+       if(!ssl_printf(ssl, "num.query.authzone.up"SQ"%lu\n",
+               (unsigned long)s->svr.num_query_authzone_up)) return 0;
+       if(!ssl_printf(ssl, "num.query.authzone.down"SQ"%lu\n",
+               (unsigned long)s->svr.num_query_authzone_down)) return 0;
        return 1;
 }
 

diff --git a/daemon/stats.c b/daemon/stats.c
index ed788720846afa6956c1d5584af81beec8aacd0e..5c31caec731132f5eccd2a4e3cf45065cf5e45a2 100644 (file)
--- a/daemon/stats.c
+++ b/daemon/stats.c
@@ -60,6 +60,7 @@
 #include "sldns/sbuffer.h"
 #include "services/cache/rrset.h"
 #include "services/cache/infra.h"
+#include "services/authzone.h"
 #include "validator/val_kcache.h"
 
 /** add timers and the values do not overflow or become negative */
@@ -256,6 +257,22 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
        s->svr.nonce_cache_count = 0;
        s->svr.num_query_dnscrypt_replay = 0;
 #endif /* USE_DNSCRYPT */
+       if(worker->env.auth_zones) {
+               if(reset && !worker->env.cfg->stat_cumulative) {
+                       lock_rw_wrlock(&worker->env.auth_zones->lock);
+               } else {
+                       lock_rw_rdlock(&worker->env.auth_zones->lock);
+               }
+               s->svr.num_query_authzone_up = (long long)worker->env.
+                       auth_zones->num_query_up;
+               s->svr.num_query_authzone_down = (long long)worker->env.
+                       auth_zones->num_query_down;
+               if(reset && !worker->env.cfg->stat_cumulative) {
+                       worker->env.auth_zones->num_query_up = 0;
+                       worker->env.auth_zones->num_query_down = 0;
+               }
+               lock_rw_unlock(&worker->env.auth_zones->lock);
+       }
 
        /* get tcp accept usage */
        s->svr.tcp_accept_usage = 0;

diff --git a/doc/Changelog b/doc/Changelog
index c03c2b9d720a708c0d730b91d9017730aa9bc1f2..2480d1394250b188062dd4cbb346ceb50c2e580f 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,9 @@
 9 April 2018: Wouter
        - Fix that flush_zone sets prefetch ttl expired, so that with
          serve-expired enabled it'll start prefetching those entries.
+       - num.query.authzone.up and num.query.authzone.down statistics counters.
+       - Fix downstream auth zone, only fallback when auth zone fails to
+         answer and fallback is enabled.
 
 5 April 2018: Wouter
        - Combine write of tcp length and tcp query for dns over tls.

diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in
index 601d86ee76f1d6e7a31c3ae7c37a064a85c3394f..a8b5a599baa472c1959dc0385e79f5bf7bbc50eb 100644 (file)
--- a/doc/unbound-control.8.in
+++ b/doc/unbound-control.8.in
@@ -601,6 +601,16 @@ dnscrypt queries replay. The client nonce must be unique for each client public
 key/server secret key pair. This cache should be able to host QPS * `replay
 window` interval keys to prevent replay of a query during `replay window`
 seconds.
+.TP
+.I num.query.authzone.up
+The number of queries answered from auth\-zone data, upstream queries.
+These queries would otherwise have been sent (with fallback enabled) to
+the internet, but are now answered from the auth zone.
+.TP
+.I num.query.authzone.down
+The number of queries for downstream answered from auth\-zone data.
+These queries are from downstream clients, and have had an answer from
+the data in the auth zone.
 .SH "FILES"
 .TP
 .I @ub_conf_file@

diff --git a/iterator/iterator.c b/iterator/iterator.c
index 0d70b6effc4b2dd992abcd1cb6ba991e8414cd19..158a992508a337b14fa2fabe08062747d923a2e7 100644 (file)
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2171,6 +2171,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
                if((iq->chase_flags&BIT_RD) && !(iq->response->rep->flags&BIT_AA)) {
                        verbose(VERB_ALGO, "forwarder, ignoring referral from auth zone");
                } else {
+                       lock_rw_wrlock(&qstate->env->auth_zones->lock);
+                       qstate->env->auth_zones->num_query_up++;
+                       lock_rw_unlock(&qstate->env->auth_zones->lock);
                        iq->num_current_queries++;
                        iq->chase_to_rd = 0;
                        iq->dnssec_lame_query = 0;

diff --git a/libunbound/unbound.h b/libunbound/unbound.h
index 1b0f54fd2b6bf2801b9372629e899b148d27094b..aa195a87a774b737cb22ccc95000061edf362610 100644 (file)
--- a/libunbound/unbound.h
+++ b/libunbound/unbound.h
@@ -747,6 +747,10 @@ struct ub_server_stats {
        long long num_query_dnscrypt_replay;
        /** number of dnscrypt nonces cache entries */
        long long nonce_cache_count;
+       /** number of queries for unbound's auth_zones, upstream query */
+       long long num_query_authzone_up;
+       /** number of queries for unbound's auth_zones, downstream answers */
+       long long num_query_authzone_down;
 };
 
 /** 

diff --git a/services/authzone.c b/services/authzone.c
index fac8e4ed1c24967846de279817a1fe632f62aaa5..224f96a5bb14dbeb21441aef5ba6da9f32696cef 100644 (file)
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -3153,10 +3153,13 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
        /* answer it from zone z */
        r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
        lock_rw_unlock(&z->lock);
-       if(fallback) {
+       if(!r && fallback) {
                /* fallback to regular answering (recursive) */
                return 0;
        }
+       lock_rw_wrlock(&az->lock);
+       az->num_query_down++;
+       lock_rw_unlock(&az->lock);
 
        /* encode answer */
        if(!r)

diff --git a/services/authzone.h b/services/authzone.h
index d54ef4b96e49698c79588e3b19f4a29dcb3059f3..258a1ebc370ace1d9c45f5c59f0674877ab1c682 100644 (file)
--- a/services/authzone.h
+++ b/services/authzone.h
@@ -77,6 +77,10 @@ struct auth_zones {
        rbtree_type xtree;
        /** do we have downstream enabled */
        int have_downstream;
+       /** number of queries upstream */
+       size_t num_query_up;
+       /** number of queries downstream */
+       size_t num_query_down;
 };
 
 /**

diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index fa1e3f6b982868587679ad95d54e68a936dbb593..306b599000d2c4a5e487c6a7e3f44e7aa925cdd8 100644 (file)
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -366,6 +366,8 @@ static void print_extended(struct ub_stats_info* s)
        PR_UL("num.query.dnscrypt.replay",
                         s->svr.num_query_dnscrypt_replay);
 #endif /* USE_DNSCRYPT */
+       PR_UL("num.query.authzone.up", s->svr.num_query_authzone_up);
+       PR_UL("num.query.authzone.down", s->svr.num_query_authzone_down);
 }
 
 /** print statistics out of memory structures */