packetcache-entries Size of packet cache (since 3.2)
packetcache-hits Packet cache hits (since 3.2)
packetcache-misses Packet cache misses (since 3.2)
+policy-drops Packets dropped because of (Lua) policy decision
qa-latency shows the current latency average, in microseconds
questions counts all End-user initiated queries with the RD bit set
ipv6-questions counts all End-user initiated queries with the RD bit set, received over IPv6 UDP
throttled-out counts the number of throttled outgoing UDP queries since starting
throttle-entries shows the number of entries in the throttle map
unauthorized-tcp number of TCP questions denied because of allow-from restrictions
-unauthorized-udp number of UDP questions denied because of allow-from restrictions
+unauthorized-udp number of UDP questions denied because of allow-from restrictions
unexpected-packets number of answers from remote servers that were unexpected (might point to spoofing)
uptime number of seconds process has been running (since 3.1.5)
user-msec number of CPU milliseconds spent in 'user' mode
graphs of all these numbers. Use <command>rec_control get-all</command> to get all statistics in one go.
</para>
<para>
- It should be noted that answers0-1 + answers1-10 + answers10-100 + answers100-1000 + packetcache-hits + over-capacity-drops = questions.
+ It should be noted that answers0-1 + answers1-10 + answers10-100 + answers100-1000 + packetcache-hits + over-capacity-drops + policy-drops = questions.
+ </para>
+ <para>
+ Also note that unauthorized-tcp and unauthorized-udp packets do not end up in the 'questions' count.
</para>
<para>
Every half our or so, the recursor outputs a line with statistics. More infrastructure is planned so as to allow
'25 smtp.example.net.'.
</para>
<para>
- Useful return 'rcodes' include 0 for "no error" and <function>pdns.NXDOMAIN</function> for "NXDOMAIN".
+ Useful return 'rcodes' include 0 for "no error", <function>pdns.NXDOMAIN</function> for "NXDOMAIN", <function>pdns.DROP</function> to drop the question
+ from further processing (since 3.6, and such a drop is accounted in the 'policy-drops' metric).
</para>
<para>
Fields that can be set in the return table include:
containing one or more replacement records to be stored in the back-end database. If, on the other hand, your
function decides not to modify a record, it must return pdns.PASS and an empty table indicating that PowerDNS should
handle the incoming record as normal. If your function decides to drop a query and not respond whatsoever, it must return
- pdns.DROP and an empty table indicating that the recursor does not want to process the packet in Lua nor in the core recursor logic.
+ pdns.DROP and an empty table indicating that the recursor does not want to process the packet in Lua nor in the core recursor logic.
</para>
<para>
Consider the following simple example:
if(!dc->d_mdp.d_header.rd)
sr.setCacheOnly();
-
// if there is a RecursorLua active, and it 'took' the query in preResolve, we don't launch beginResolve
if(!t_pdl->get() || !(*t_pdl)->preresolve(dc->d_remote, g_listenSocketsAddresses[dc->d_socket], dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res, &variableAnswer)) {
- res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
+ res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
if(t_pdl->get()) {
if(res == RCode::NoError) {
}
if(res == RecursorBehaviour::DROP) {
+ g_stats.policyDrops++;
delete dc;
dc=0;
return;
addGetStat("resource-limits", &g_stats.resourceLimits);
addGetStat("over-capacity-drops", &g_stats.overCapacityDrops);
+ addGetStat("policy-drops", &g_stats.policyDrops);
addGetStat("no-packet-error", &g_stats.noPacketError);
addGetStat("dlg-only-drops", &SyncRes::s_nodelegated);
addGetStat("max-mthread-stack", &g_stats.maxMThreadStackUsage);
uint64_t noErrors;
uint64_t answers0_1, answers1_10, answers10_100, answers100_1000, answersSlow;
double avgLatencyUsec;
- uint64_t qcounter;
+ uint64_t qcounter; // not increased for unauth packets
uint64_t ipv6qcounter;
uint64_t tcpqcounter;
- uint64_t unauthorizedUDP;
- uint64_t unauthorizedTCP;
+ uint64_t unauthorizedUDP; // when this is increased, qcounter isn't
+ uint64_t unauthorizedTCP; // when this is increased, qcounter isn't
+ uint64_t policyDrops;
uint64_t tcpClientOverflow;
uint64_t clientParseError;
uint64_t serverParseError;
projects / thirdparty / pdns.git / commitdiff
