DNS Statistics Collector (DSC) - What It Is, and Why You Should Run It!


DSC is an application for collecting and analyzing statistics from busy DNS servers. The application may be run directly on a DNS node or may be run on a standalone system that is configured to "capture" bi-directional traffic for a DNS node. DSC captures statistics such as: query types, return codes, most-queried TLDs, popular names, IPv6 root abusers, query name lengths, reply lengths, and much more. These statistics can aid operators in tracking or analyzing a wide range of problems including: excessive queriers, misconfigured systems, DNS software bugs, traffic count (packets/bytes), and possibly routing problems.

DSC can store data indefinitely, providing you with long-term, historical statistics related to your DNS traffic. In addition to DSC's operational utility, you will also find the historical data very useful for research, whether you share the data with OARC, researchers, or your own internal engineering groups.

While we are always anxious to have root/TLD operators join OARC, and submit DSC data for the benefit of other members and the research community, we are also anxious to have operators deploy DSC and use the data for their own benefit.

The latest version of DSC is attached at the bottom of this page. Full documentation is included in the source package. You can view the FAQ for DSC here.

DSC is developed and maintained by The Measurement Factory.


DSC currently has two major components:


Collector

The collector process uses libpcap to receive DNS messages sent and received on a network interface. It may run on the same machine as the DNS server, or on another system connected to a switch configured with port mirroring. A configuration file defines some number of datasets and other options. Datasets are dumped to disk every 60 seconds as XML files. A cron job copies the XML files to a separate server for archiving and further processing.


Presenter

This component receives XML datasets from collectors. Since parsing XML files is slower than we'd like, an extractor process converts them to another format. Currently that format is a line-based text file, although we may use a relational database in the future.

DSC uses a CGI script to display data in a web browser. The interface allows you to change time scales, select particular nodes within a server cluster, and isolate individual dataset keys.


Attachment: dsc-200508191531.tar.gz
Size: 893.49 KB

Subject: collector and presenter on same host
Author: wessels
Date: Thu, 2006-05-18 23:54

> I need to have the collector & presenter on the same host.
> What is the proper use of the refile-and-grok.sh script?

When you have the collector and presenter on the same host then you don't need to run the upload-prep.sh, upload-rsync.sh, or upload-x509.sh scripts. The purpose of these upload scripts is to move the XML files from the collector, to the /usr/local/dsc/data directory on the presenter.

Since the collector and presenter are on the same machine, you can either tell the collector to save the XML files directly into /usr/local/dsc/data/SERVER/NODE, or you can write a simple cron shell script that copies them from the DSC "run_dir" into /usr/local/dsc/data/SERVER/NODE.

The refile-and-grok.sh script's job is to process XML files that it finds in the /usr/local/dsc/data/SERVER/NODE directories. You should run it from cron as described in the DSC manual. It will read the XML files, store the data into ".dat" files, and then move the XML files into subdirectories for safekeeping.

Duane W.
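
The same-host copy step described in the reply above, written as a shell function for cron. This is an added example, not part of the original comment or the DSC distribution. The one-minute quiet period, the `.incoming.` temporary prefix, the script path in the cron comment, and the idea that refile-and-grok.sh only picks up names ending in .xml are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the DSC distribution): hand completed collector XML
# files to the presenter on the same host.
# Hypothetical cron entry (script name and run_dir path are placeholders):
#   * * * * * /path/to/dsc-local-copy.sh /path/to/run_dir /usr/local/dsc/data/S1/N1

# Assumption: a file untouched for more than this many minutes is complete
# (the collector dumps datasets every 60 seconds).
MIN_AGE_MIN=1

# Body runs in a subshell, so its variables do not leak into the caller.
dsc_move_xml() (
    run_dir=$1     # the collector's run_dir
    dest_dir=$2    # /usr/local/dsc/data/SERVER/NODE

    # Refuse missing or symlinked directories so a swapped path cannot
    # redirect a job that may run with elevated privileges.
    for d in "$run_dir" "$dest_dir"; do
        if [ ! -d "$d" ] || [ -L "$d" ]; then
            echo "dsc_move_xml: not a real directory: $d" >&2
            return 1
        fi
    done

    moved=0
    for src in "$run_dir"/*.xml; do
        # Regular files only: skips symlinks and an unmatched glob.
        [ -f "$src" ] && [ ! -L "$src" ] || continue
        # Skip files the collector may still be writing.
        [ -n "$(find "$src" -mmin +"$MIN_AGE_MIN")" ] || continue

        name=${src##*/}
        tmp="$dest_dir/.incoming.$name.$$"
        # Copy under a name that does not end in .xml, then rename. The rename
        # is atomic, so a reader selecting *.xml never sees a partial file.
        if cp -p "$src" "$tmp" && mv -f "$tmp" "$dest_dir/$name"; then
            rm -f "$src"   # remove the source so the next run does not resend it
            moved=$((moved + 1))
        else
            rm -f "$tmp"
            echo "dsc_move_xml: failed on $src" >&2
        fi
    done
    echo "$moved"          # number of files handed to the presenter
)

# Run only when invoked as: script RUN_DIR DEST_DIR
if [ "$#" -eq 2 ]; then dsc_move_xml "$1" "$2" >/dev/null; fi
```

Run it from cron ahead of refile-and-grok.sh; the source file is deleted only after the rename succeeds, so a failed copy is retried on the next run.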


Subject: sample dsc-grapher.cfg
Author: wessels
Date: Thu, 2006-05-18 23:45

> I would like to ask you if there are any available
> simple examples for the dsc-grapher.cfg for a
> single DNS host?

dsc-grapher.cfg is a configuration file used by the dsc-grapher.pl script. The DSC source code distribution includes a sample configuration file in the presenter/grapher subdirectory.

Here is a simple example for a single DNS server with one node:

server S1 N1
trace_windows 1hour 4hour 1day 1week 1month
accum_windows 1day 2days 3days 1week

Replace "S1" with the name of your server and "N1" with the name of your node. These should match the names that you have chosen for the collector. There should be a directory named /usr/local/dsc/data/S1/N1

The trace_windows and accum_windows lines instruct dsc-grapher.pl to include links to graphs covering those time periods in the Time Scale box of the left-side menu.

For additional (more complex) dsc-grapher.cfg options, please refer to the DSC manual.

Duane W.


Operations Analysis and Research Center for the Internet