The PowerDNS Recursor collects many statistics about itself.
Every half hour or so (configurable with statistics-interval, the recursor outputs a line with statistics. To force the output of statistics, send the process a SIGUSR1. A line of statistics looks like this:
stats: 346362 questions, 7388 cache entries, 1773 negative entries, 18% cache hits
stats: cache contended/acquired 1583/56041728 = 0.00282468%
stats: throttle map: 3, ns speeds: 1487, failed ns: 15, ednsmap: 1363
stats: outpacket/query ratio 54%, 0% throttled, 0 no-delegation drops
stats: 217 outgoing tcp connections, 0 queries running, 9155 outgoing timeouts
stats: 4536 packet cache entries, 82% packet cache hits
stats: thread 0 has been distributed 175728 queries
stats: thread 1 has been distributed 169484 queries
stats: 1 qps (average over 1800 seconds)
This means that in total 346362 queries were received and there are 7388 different name/type combinations in the record cache, each entry may have multiple records attached to it.
There are 1773 items in the negative cache, items of which it is known that don’t exist and won’t do so for the near future. 18% of incoming questions not handled by the packets cache could be answered without any additional queries going out to the net. The record cache was consulted or modified 56041728 times, and 1583 of those accesses caused lock contention.
Next a line with the sizes of maps that can be consulted by rec_control is printed.
The outpacket/query ratio means that on average, 0.54 packets were needed to answer a question. This ratio can be greater than 100% since additional queries could be needed to actually recurse the DNS and figure out the addresses of nameservers.
0% of queries were not performed because identical queries had gone out previously and failed, saving load on servers worldwide. 217 outgoing tcp connections were done, there were 0 queries running at the moment and 9155 queries to authoritative servers saw timeouts.
The packets cache had 4536 entries and 82% of queries were served from it. The workload of the worker queries was 175728 and 169484 respectively. Finally, measured in the last half hour, an average of 1 qps was performed.
Some metrics are collected in thread-local variables, and an aggregate values is computed to report. Other statistics are recorded in global memory and each thread updates the one instance, taking proper precautions to make sure consistency is maintained. The only exception are the cpu-msec-thread-N metrics, which report per-thread data.
For carbon/graphite/metronome, we use the following namespace. Everything starts with ‘pdns.’, which is then followed by the local hostname. Thirdly, we add ‘recursor’ to signify the daemon generating the metrics. This is then rounded off with the actual name of the metric. As an example: ‘pdns.ns1.recursor.questions’.
Care has been taken to make the sending of statistics as unobtrusive as possible, the daemons will not be hindered by an unreachable carbon server, timeouts or connection refused situations.
To benefit from our carbon/graphite support, either install Graphite, or use our own lightweight statistics daemon, Metronome, currently available on GitHub.
To enable sending metrics, set carbon-server, possibly carbon-interval and possibly carbon-ourname in the configuration.
Warning
If your hostname includes dots, they will be replaced by underscores so as not to confuse the namespace.
If you include dots in carbon-ourname, they will not be replaced by underscores. As PowerDNS assumes you know what you are doing if you override your hostname.
Should Carbon not be the preferred way of receiving metrics, several other techniques can be employed to retrieve them.
The API exposes a statistics endpoint at
GET /api/v1/servers/:server_id/statistics¶This endpoint exports all statistics in a single JSON document.
rec_control¶Metrics can also be gathered on the system itself by invoking rec_control:
rec_control get-all
Single statistics can also be retrieved with the get command, e.g.:
rec_control get all-outqueries
External programs can use this technique to scrape metrics, though it is preferred to use a Prometheus export.
The internal web server exposes Prometheus formatted metrics at
GET /metrics¶The Prometheus name are the names listed in metricnames, prefixed with pdns_recursor_ and with hyphens substituted by underscores.
For example:
# HELP pdns_recursor_all_outqueries Number of outgoing UDP queries since starting
# TYPE pdns_recursor_all_outqueries counter
pdns_recursor_all_outqueries 7
The recursor can export statistics over SNMP and send traps from Lua, provided support is compiled into the Recursor and snmp-agent set.
-- -*- snmpv2 -*-
-- ----------------------------------------------------------------------
-- MIB file for PowerDNS Recursor
-- ----------------------------------------------------------------------
PDNSRECURSOR-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE, MODULE-IDENTITY, enterprises,
Counter64, NOTIFICATION-TYPE
FROM SNMPv2-SMI
CounterBasedGauge64
FROM HCNUM-TC
OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP
FROM SNMPv2-CONF;
rec MODULE-IDENTITY
LAST-UPDATED "202107200000Z"
ORGANIZATION "PowerDNS BV"
CONTACT-INFO "support@powerdns.com"
DESCRIPTION
"This MIB module describes information gathered through PowerDNS Recursor."
REVISION "201611290000Z"
DESCRIPTION "Initial revision."
REVISION "201812240000Z"
DESCRIPTION "Added the dnssecAuthenticDataQueries and dnssecCheckDisabledQueries stats."
REVISION "201911140000Z"
DESCRIPTION "Added qnameMinFallbackSuccess stats."
REVISION "202002170000Z"
DESCRIPTION "Added proxyProtocolInvalid metric."
REVISION "202101050000Z"
DESCRIPTION "Added Aggressive NSEC cache metrics."
REVISION "202107200000Z"
DESCRIPTION "Added almost expired task metrics."
REVISION "202110270000Z"
DESCRIPTION "Added more UDP errors metric."
REVISION "202111090000Z"
DESCRIPTION "Added NOTIFY-related metrics."
REVISION "202201310000Z"
DESCRIPTION "Added non-resolving NS name metric."
REVISION "202208220000Z"
DESCRIPTION "Added internal maintenance metrics."
REVISION "202209120000Z"
DESCRIPTION "Added metrics for answers from auths by rcode"
REVISION "202302240000Z"
DESCRIPTION "Added metrics for sharded packet cache contention"
REVISION "202306080000Z"
DESCRIPTION "Added metrics for NOD and UDR events"
::= { powerdns 2 }
powerdns OBJECT IDENTIFIER ::= { enterprises 43315 }
stats OBJECT IDENTIFIER ::= { rec 1 }
questions OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of questions"
::= { stats 1 }
ipv6Questions OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 questions"
::= { stats 2 }
tcpQuestions OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of TCP questions"
::= { stats 3 }
cacheHits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of cache hits"
::= { stats 4 }
cacheMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of cache misses"
::= { stats 5 }
cacheEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of cache entries"
::= { stats 6 }
cacheBytes OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Size of the cache in bytes"
::= { stats 7 }
packetcacheHits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packetcache hits"
::= { stats 8 }
packetcacheMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packetcache misses"
::= { stats 9 }
packetcacheEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packetcache entries"
::= { stats 10 }
packetcacheBytes OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Size of the packetcache in bytes"
::= { stats 11 }
mallocBytes OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes allocated by malloc"
::= { stats 12 }
servfailAnswers OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of servfail answers"
::= { stats 13 }
nxdomainAnswers OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of nxdomain answers"
::= { stats 14 }
noerrorAnswers OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of noerror answers"
::= { stats 15 }
unauthorizedUdp OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of unauthorized UDP queries"
::= { stats 16 }
unauthorizedTcp OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of unauthorized TCP queries"
::= { stats 17 }
tcpClientOverflow OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of TCP client connections refused because of too many connections"
::= { stats 18 }
clientParseErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of client parse errors"
::= { stats 19 }
serverParseErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of server parse errors"
::= { stats 20 }
tooOldDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because of a timeout"
::= { stats 21 }
answers01 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries answered in less than 1 ms"
::= { stats 22 }
answers110 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries answered in 1-10 ms"
::= { stats 23 }
answers10100 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries answered in 10-100 ms"
::= { stats 24 }
answers1001000 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries answered in 100-1000 ms"
::= { stats 25 }
answersSlow OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries answered in more than 1000 ms"
::= { stats 26 }
auth4Answers01 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 queries answered in less than 1 ms"
::= { stats 27 }
auth4Answers110 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 queries answered in 1-10 ms"
::= { stats 28 }
auth4Answers10100 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 queries answered in 10-100 ms"
::= { stats 29 }
auth4Answers1001000 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 queries answered in 100-1000 ms"
::= { stats 30 }
auth4Answersslow OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 queries answered in more than 1000 ms"
::= { stats 31 }
auth6Answers01 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 queries answered in less than 1 ms"
::= { stats 32 }
auth6Answers110 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 queries answered in 1-10 ms"
::= { stats 33 }
auth6Answers10100 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 queries answered in 10-100 ms"
::= { stats 34 }
auth6Answers1001000 OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 queries answered in 100-1000 ms"
::= { stats 35 }
auth6AnswersSlow OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 queries answered in more than 1000 ms"
::= { stats 36 }
qaLatency OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Average latency in microseconds"
::= { stats 37 }
unexpectedPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of unexpected packets"
::= { stats 38 }
caseMismatches OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of case mismatches"
::= { stats 39 }
spoofPrevents OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of spoof prevents"
::= { stats 40 }
nssetInvalidations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of nsset invalidations"
::= { stats 41 }
resourceLimits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of resolution aborted because of a local resource limit"
::= { stats 42 }
overCapacityDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because the threads limit was reached"
::= { stats 43 }
policyDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because of a policy"
::= { stats 44 }
noPacketError OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of calls to recvmsg() that returned no packet even though the socket was ready"
::= { stats 45 }
dlgOnlyDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Obsolete"
::= { stats 46 }
ignoredPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of ignored packets"
::= { stats 47 }
maxMthreadStack OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum size of the Mthread stack"
::= { stats 48 }
negcacheEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of negcache entries"
::= { stats 49 }
throttleEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of throttle entries"
::= { stats 50 }
nsspeedsEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of nsspeeds entries"
::= { stats 51 }
failedHostEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of entries in the failed NS cache"
::= { stats 52 }
concurrentQueries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of concurrent queries"
::= { stats 53 }
securityStatus OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current security status"
::= { stats 54 }
outgoingTimeouts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing timeouts"
::= { stats 55 }
outgoing4Timeouts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv4 outgoing timeouts"
::= { stats 56 }
outgoing6Timeouts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 outgoing timeouts"
::= { stats 57 }
tcpOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing TCP queries sent"
::= { stats 58 }
allOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing queries sent"
::= { stats 59 }
ipv6Outqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of IPv6 outgoing queries sent"
::= { stats 60 }
throttledOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of throttled outgoing queries"
::= { stats 61 }
dontOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing queries not sent because of a 'dont-query' setting"
::= { stats 62 }
unreachables OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of errors due to an unreachable server"
::= { stats 63 }
chainResends OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of chain resends"
::= { stats 64 }
tcpClients OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of TCP clients"
::= { stats 65 }
udpRecvbufErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP recvbuf errors (Linux only)"
::= { stats 66 }
udpSndbufErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP sndbuf errors (Linux only)"
::= { stats 67 }
udpNoportErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP noport errors (Linux only)"
::= { stats 68 }
udpinErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP in errors (Linux only)"
::= { stats 69 }
ednsPingMatches OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of EDNS Ping matches"
::= { stats 70 }
ednsPingMismatches OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of EDNS Ping mismatches"
::= { stats 71 }
dnssecQueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of DNSSEC queries"
::= { stats 72 }
nopingOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing queries w/o ping"
::= { stats 73 }
noednsOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing queries w/o EDNS"
::= { stats 74 }
uptime OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Process uptime in seconds"
::= { stats 75 }
realMemoryUsage OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Memory usage"
::= { stats 76 }
fdUsage OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"File descriptors usage"
::= { stats 77 }
userMsec OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"CPU usage (user) in ms"
::= { stats 78 }
sysMsec OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"CPU usage (system) in ms"
::= { stats 79 }
dnssecValidations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, packet-cache hits excluded, for which a DNSSEC validation was requested by either the client or the configuration"
::= { stats 80 }
dnssecResultInsecure OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, excluding packet-cache hits, that were in the DNSSEC insecure state"
::= { stats 81 }
dnssecResultSecure OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, excluding packet-cache hits, that were in the DNSSEC secure state"
::= { stats 82 }
dnssecResultBogus OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, excluding packet-cache hits, that were in the DNSSEC bogus state"
::= { stats 83 }
dnssecResultIndeterminate OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, excluding packet-cache hits, that were in the DNSSEC indeterminate state"
::= { stats 84 }
dnssecResultNta OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of responses sent, excluding packet-cache hits, that were in the DNSSEC NTA state"
::= { stats 85 }
policyResultNoaction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated no-action results"
::= { stats 86 }
policyResultDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated drops"
::= { stats 87 }
policyResultNxdomain OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated NXdomain results"
::= { stats 88 }
policyResultNodata OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated nodata results"
::= { stats 89 }
policyResultTruncate OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated truncate results"
::= { stats 90 }
policyResultCustom OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of policy-mandated custom results"
::= { stats 91 }
queryPipeFullDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because the query distribution pipe was full"
::= { stats 92 }
truncatedDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because they were larger than 512 bytes"
::= { stats 93 }
emptyQueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries dropped because they had a QD count of 0"
::= { stats 94 }
dnssecAuthenticDataQueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries received with the AD bit set"
::= { stats 95 }
dnssecCheckDisabledQueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries received with the CD bit set"
::= { stats 96 }
variableResponses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of variable responses"
::= { stats 97 }
specialMemoryUsage OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Memory usage (more precise but expensive to retrieve)"
::= { stats 98 }
rebalancedQueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of queries re-distributed because the first selected worker thread was above the target load"
::= { stats 99 }
qnameMinFallbackSuccess OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of successful queries due to fallback mechanism within 'qname-minimization' setting"
::= { stats 100 }
proxyProtocolInvalid OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of invalid proxy protocol headers received"
::= { stats 101 }
recordCacheContended OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of contended record cache lock acquisitions"
::= { stats 102 }
recordCacheAcquired OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of record cache lock acquisitions"
::= { stats 103 }
nodLookupsDroppedOversize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of NOD lookups dropped because they would exceed the maximum name length"
::= { stats 104 }
taskQueuePushed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of tasks pushed to the taskqueues"
::= { stats 105 }
taskQueueExpired OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of tasks expired before they could be run"
::= { stats 106 }
taskQueueSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of tasks currently in the taskqueues"
::= { stats 107 }
aggressiveNSECCacheEntries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of entries in the aggressive NSEC cache"
::= { stats 108 }
aggressiveNSECCacheNSECHits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of NSEC-related hits from the aggressive NSEC cache"
::= { stats 109 }
aggressiveNSECCacheNSEC3Hits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of NSEC3-related hits from the aggressive NSEC cache"
::= { stats 110 }
aggressiveNSECCacheNSECWcHits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of answers synthesized from the NSEC aggressive cache"
::= { stats 111 }
aggressiveNSECCacheNSEC3WcHits OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of answers synthesized from the NSEC3 aggressive cache"
::= { stats 112 }
dotOutqueries OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing DoT queries since starting"
::= { stats 113 }
dns64PrefixAnswers OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of answers generated by dns64-prefix matching"
::= { stats 114 }
almostExpiredPushed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of almost-expired tasks pushed"
::= { stats 115 }
almostExpiredRun OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of almost-expired tasks run"
::= { stats 116 }
almostExpiredExceptions OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of almost-expired tasks that caused an exception"
::= { stats 117 }
udpInCsumErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP in checksum errors (Linux only)"
::= { stats 118 }
udp6RecvbufErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP6 recvbuf errors (Linux only)"
::= { stats 119 }
udp6SndbufErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP6 sndbuf errors (Linux only)"
::= { stats 120 }
udp6NoportErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP6 noport errors (Linux only)"
::= { stats 121 }
udp6inErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP6 in errors (Linux only)"
::= { stats 122 }
udp6InCsumErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of UDP6 in checksum errors (Linux only)"
::= { stats 123 }
sourceDisallowedNotify OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of NOTIFY operations not allowed by allow-notify-from"
::= { stats 124 }
zoneDisallowedNotify OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of NOTIFY operations not allowed by allow-notify-for"
::= { stats 125 }
nonResolvingNameserverEntries OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of entries in the non-resolving NS name cache"
::= { stats 126 }
maintenanceUSec OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Time spent doing internal maintenance, including Lua maintenance"
::= { stats 127 }
maintenanceCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of times internal maintenance has been called, including Lua maintenance"
::= { stats 128 }
authrcode0Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 0 (noerror) answers received"
::= { stats 129 }
authrcode1Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 1 (formerr) answers received"
::= { stats 130 }
authrcode2Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 2 (servfail) answers received"
::= { stats 131 }
authrcode3Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 3 (nxdomain) answers received"
::= { stats 132 }
authrcode4Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 4 (notimp) answers received"
::= { stats 133 }
authrcode5Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 5 (refused) answers received"
::= { stats 134 }
authrcode6Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 6 (yxdomain) answers received"
::= { stats 135 }
authrcode7Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 7 (yxrrset) answers received"
::= { stats 136 }
authrcode8Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 8 (nxrrset) answers received"
::= { stats 137 }
authrcode9Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 9 (notauth) answers received"
::= { stats 138 }
authrcode10Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 10 answers received"
::= { stats 139 }
authrcode11Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 11 answers received"
::= { stats 140 }
authrcode12Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 12 answers received"
::= { stats 141 }
authrcode13Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 13 answers received"
::= { stats 142 }
authrcode14Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 14 answers received"
::= { stats 143 }
authrcode15Count OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rcode 15 answers received"
::= { stats 144 }
packetCacheContended OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of contended packet cache lock acquisitions"
::= { stats 145 }
packetCacheAcquired OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packet cache lock acquisitions"
::= { stats 146 }
nodEvents OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Count of NOD events"
::= { stats 147 }
udrEvents OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Count of UDR events"
::= { stats 148 }
---
--- Traps / Notifications
---
trap OBJECT IDENTIFIER ::= { rec 10 }
traps OBJECT IDENTIFIER ::= { trap 0 } --- reverse-mappable
trapObjects OBJECT IDENTIFIER ::= { rec 11 }
trapReason OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reason for this trap"
::= { trapObjects 1 }
--- { trapObjects 5000 } up to and including { trapObjects 5999 } are reserved for local, product-specific extensions to the Recursor MIB
customTrap NOTIFICATION-TYPE
OBJECTS {
trapReason
}
STATUS current
DESCRIPTION "Trap sent by sendCustomTrap"
::= { traps 1 }
--- { traps 5000 } up to and including { traps 5999 } are reserved for local, product-specific extensions to the Recursor MIB
---
--- Conformance
---
recConformance OBJECT IDENTIFIER ::= { rec 100 }
recCompliances MODULE-COMPLIANCE
STATUS current
DESCRIPTION "PowerDNS Recursor compliance statement"
MODULE
MANDATORY-GROUPS {
recGroup,
recTrapsGroup
}
::= { recConformance 1 }
recGroup OBJECT-GROUP
OBJECTS {
questions,
ipv6Questions,
tcpQuestions,
cacheHits,
cacheMisses,
cacheEntries,
cacheBytes,
packetcacheHits,
packetcacheMisses,
packetcacheEntries,
packetcacheBytes,
mallocBytes,
servfailAnswers,
nxdomainAnswers,
noerrorAnswers,
unauthorizedUdp,
unauthorizedTcp,
tcpClientOverflow,
clientParseErrors,
serverParseErrors,
tooOldDrops,
answers01,
answers110,
answers10100,
answers1001000,
answersSlow,
auth4Answers01,
auth4Answers110,
auth4Answers10100,
auth4Answers1001000,
auth4Answersslow,
auth6Answers01,
auth6Answers110,
auth6Answers10100,
auth6Answers1001000,
auth6AnswersSlow,
qaLatency,
unexpectedPackets,
caseMismatches,
spoofPrevents,
nssetInvalidations,
resourceLimits,
overCapacityDrops,
policyDrops,
noPacketError,
dlgOnlyDrops,
ignoredPackets,
maxMthreadStack,
negcacheEntries,
throttleEntries,
nsspeedsEntries,
failedHostEntries,
concurrentQueries,
securityStatus,
outgoingTimeouts,
outgoing4Timeouts,
outgoing6Timeouts,
tcpOutqueries,
allOutqueries,
ipv6Outqueries,
throttledOutqueries,
dontOutqueries,
unreachables,
chainResends,
tcpClients,
udpRecvbufErrors,
udpSndbufErrors,
udpNoportErrors,
udpinErrors,
ednsPingMatches,
ednsPingMismatches,
dnssecQueries,
nopingOutqueries,
noednsOutqueries,
uptime,
realMemoryUsage,
specialMemoryUsage,
fdUsage,
userMsec,
sysMsec,
dnssecValidations,
dnssecResultInsecure,
dnssecResultSecure,
dnssecResultBogus,
dnssecResultIndeterminate,
dnssecResultNta,
policyResultNoaction,
policyResultDrop,
policyResultNxdomain,
policyResultNodata,
policyResultTruncate,
policyResultCustom,
queryPipeFullDrops,
truncatedDrops,
emptyQueries,
dnssecAuthenticDataQueries,
dnssecCheckDisabledQueries,
variableResponses,
specialMemoryUsage,
rebalancedQueries,
trapReason,
qnameMinFallbackSuccess,
proxyProtocolInvalid,
recordCacheContended,
recordCacheAcquired,
nodLookupsDroppedOversize,
taskQueuePushed,
taskQueueExpired,
taskQueueSize,
aggressiveNSECCacheEntries,
aggressiveNSECCacheNSECHits,
aggressiveNSECCacheNSEC3Hits,
aggressiveNSECCacheNSECWcHits,
aggressiveNSECCacheNSEC3WcHits,
dotOutqueries,
dns64PrefixAnswers,
almostExpiredPushed,
almostExpiredRun,
almostExpiredExceptions,
udpInCsumErrors,
udp6RecvbufErrors,
udp6SndbufErrors,
udp6NoportErrors,
udp6inErrors,
udp6InCsumErrors,
sourceDisallowedNotify,
zoneDisallowedNotify,
nonResolvingNameserverEntries,
maintenanceUSec,
maintenanceCalls,
authrcode0Count,
authrcode1Count,
authrcode2Count,
authrcode3Count,
authrcode4Count,
authrcode5Count,
authrcode6Count,
authrcode7Count,
authrcode8Count,
authrcode9Count,
authrcode10Count,
authrcode11Count,
authrcode12Count,
authrcode13Count,
authrcode14Count,
authrcode15Count,
packetCacheContended,
packetCacheAcquired,
nodEvents,
udrEvents
}
STATUS current
DESCRIPTION "Objects conformance group for PowerDNS Recursor"
::= { recConformance 2 }
recTrapsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
customTrap
}
STATUS current
DESCRIPTION "Traps conformance group for PowerDNS Recursor"
::= { recConformance 3 }
END
These statistics are gathered.
It should be noted that answers0-1 + answers1-10 + answers10-100 + answers100-1000 + answers-slow + packetcache-hits + over-capacity-drops + policy-drops = questions.
Also note that unauthorized-tcp and unauthorized-udp packets do not end up in the ‘questions’ count.
New in version 4.6.
number of almost-expired tasks that caused an exception
New in version 4.5.
number of negative answers generated from NSEC entries by the aggressive NSEC cache
New in version 4.5.
number of answers synthesized from NSEC entries and wildcards by the NSEC aggressive cache
New in version 4.5.
number of answers synthesized from NSEC entries and wildcards by the NSEC3 aggressive cache
counts the number of outgoing UDP queries since starting
counts the number of queries answered after 1 second
counts the number of queries answered within 1 millisecond
counts the number of queries answered within 10 milliseconds
counts the number of queries answered within 100 milliseconds
counts the number of queries answered within 1 second
counts the number of queries answered by auth4s after 1 second (4.0)
counts the number of queries answered by auth4s within 1 millisecond (4.0)
counts the number of queries answered by auth4s within 10 milliseconds (4.0)
counts the number of queries answered by auth4s within 100 milliseconds (4.0)
counts the number of queries answered by auth4s within 1 second (4.0)
counts the number of queries answered by auth6s after 1 second (4.0)
counts the number of queries answered by auth6s within 1 millisecond (4.0)
counts the number of queries answered by auth6s within 10 milliseconds (4.0)
counts the number of queries answered by auth6s within 100 milliseconds (4.0)
counts the number of queries answered by auth6s within 1 second (4.0)
where xxx is an rcode name (noerror, formerr, servfail, nxdomain, notimp, refused, yxdomain, yxrrset, nxrrset, notauth, rcode10, rcode11, rcode2, rcode13, rcode14, rcode15).
Counts the rcodes returned by authoritative servers.
The corresponding Prometheus metrics consist of multiple entries of the form pdns_recursor_auth_rcode_answers{rcode="xxx"}.
counts the number of queries to locally hosted authoritative zones (auth-zones) since starting
size of the cache in bytes (disabled by default, see stats-rec-control-disabled-list) This metric is a rough estimate and takes a long time to compute, and is therefore not enabled in default outputs.
shows the number of entries in the cache
counts the number of cache hits since starting, this does not include hits that got answered from the packet-cache
counts the number of cache misses since starting
counts the number of mismatches in character case since starting
number of queries chained to existing outstanding query
counts number of client packets that could not be parsed
shows the number of MThreads currently running
shows the number of milliseconds spent in thread n. Available since 4.1.12.
New in version 4.4.
Time spent waiting for I/O to complete by the whole system, in units of USER_HZ.
New in version 4.4.
Stolen time, which is the time spent by the whole system in other operating systems when running in a virtualized environment, in units of USER_HZ.
New in version 4.6.
Cumulative counts of answer times of authoritative servers in buckets less than x microseconds. (disabled by default, see stats-rec-control-disabled-list) These metrics are useful for Prometheus and not listed in other outputs by default.
New in version 4.6.
Cumulative counts of our answer times to clients in buckets less or equal than x microseconds. These metrics include packet cache hits. These metrics are useful for Prometheus and not listed in other outputs by default.
New in version 4.6.
number of AAAA and PTR answers generated by dns64-prefix matching.
number of queries received with the DO bit set
number of responses sent, packet-cache hits excluded, that were in the DNSSEC Bogus state. Since 4.4.2 detailed counters are available, see below.
Since 4.5.0, if x-dnssec-names is set, a separate set of x-dnssec-result-... metrics become available, counting
the DNSSEC validation results for names suffix-matching a name in x-dnssec-names.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a valid DNSKEY could not be found.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a valid denial of existence proof could not be found.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a valid DS could not be retrieved.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a valid DNSKEY could not be retrieved.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a DS record was signed by itself.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because required RRSIG records were not present in an answer.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because only invalid RRSIG records were present in an answer.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a NODATA or NXDOMAIN answer lacked the required SOA and/or NSEC(3) records.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because the signature inception time in the RRSIG was not yet valid.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because the signature expired time in the RRSIG was in the past.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a DNSKEY RRset contained only unsupported DNSSEC algorithms.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because a DS RRset contained only unsupported digest types.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because no DNSKEY with the Zone Key bit set was found.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because all DNSKEYs were revoked.
New in version 4.4.2.
number of responses sent, packet-cache hits excluded, that were in the Bogus state because all DNSKEYs had invalid protocols.
number of DNSSEC validations that had the Indeterminate state
number of responses sent, packet-cache hits excluded, that were in the Insecure state
number of responses sent, packet-cache hits excluded, that were in the NTA (negative trust anchor) state
number of responses sent, packet-cache hits excluded, that were in the Secure state
number of responses sent, packet-cache hits excluded, for which a DNSSEC validation was requested by either the client or the configuration
number of outgoing queries dropped because of dont-query setting (since 3.3)
counts the number of outgoing DoT queries since starting
New in version 4.3.0.
number of successful queries due to fallback mechanism within qname-minimization setting.
number of outgoing queries adorned with an EDNS Client Subnet option (since 4.1)
number of responses received from authoritative servers with an EDNS Client Subnet option we used (since 4.1)
New in version 4.2.0.
number of responses received from authoritative servers with an IPv4 EDNS Client Subnet option we used, of this subnet size (1 to 32). (disabled by default, see stats-rec-control-disabled-list)
New in version 4.2.0.
number of responses received from authoritative servers with an IPv6 EDNS Client Subnet option we used, of this subnet size (1 to 128). (disabled by default, see stats-rec-control-disabled-list)
number of servers that sent a valid EDNS PING response
number of servers that sent an invalid EDNS PING response
number of addresses in the failed NS cache.
Number of currently used file descriptors. Currently, this metric is available on Linux and OpenBSD only.
counts the number of non-query packets received on server sockets that should only get query packets
number of outgoing queries over IPv6
counts all end-user initiated queries with the RD bit set, received over IPv6 UDP
time spent doing internal maintenance, including Lua maintenance
number of times internal maintenance has been called, including Lua maintenance
returns the number of bytes allocated by the process (broken, always returns 0)
currently configured maximum number of cache entries
currently configured maximum number of packet cache entries
maximum amount of thread stack ever used
shows the number of entries in the negative answer cache
number of erroneous received packets
Number of NOD lookups dropped because they would exceed the maximum name length
number of queries sent out without EDNS
counts the number of times it answered NOERROR since starting
number of entries in the non-resolving NS name cache
number of queries sent out without ENDS PING
number of times an nsset was dropped because it no longer worked
shows the number of entries in the NS speeds map
counts the number of times it answered NXDOMAIN since starting
counts the number of timeouts on outgoing UDP queries since starting
counts the number of timeouts on outgoing UDP IPv4 queries since starting (since 4.0)
counts the number of timeouts on outgoing UDP IPv6 queries since starting (since 4.0)
questions dropped because over maximum concurrent query limit (since 3.2)
size of the packet cache in bytes (since 3.3.1) (disabled by default, see stats-rec-control-disabled-list) This metric is a rough estimate and takes a long time to compute, and is therefore not enabled in default outputs.
size of packet cache (since 3.2)
packet cache hits (since 3.2)
packet cache misses (since 3.2)
packets dropped because of (Lua) policy decision
Number of policy decisions based on Lua (type = "filter"), or RPZ (type = "rpz"). RPZ hits include the policyName.
These metrics are useful for Prometheus and not listed in other outputs by default.
packets that were not acted upon by the RPZ/filter engine
packets that were dropped by the RPZ/filter engine
packets that were replied to with NXDOMAIN by the RPZ/filter engine
packets that were replied to with no data by the RPZ/filter engine
packets that were forced to TCP by the RPZ/filter engine
packets that were sent a custom answer by the RPZ/filter engine
shows the current latency average, in microseconds, exponentially weighted over past ‘latency-statistic-size’ packets
New in version 4.2.
questions dropped because the query distribution pipe was full
counts all end-user initiated queries with the RD bit set
New in version 4.1.12.
number of queries balanced to a different worker thread because the first selected one was above the target load configured with ‘distribution-load-factor’
Counts the number of queries that could not be performed because of resource limits. This counter is increased when Recursor encounters a network issue that does not seem to be caused by the remote end. For example when it runs out of file descriptors (monitor fd-usage) or when there is no route to a given IP address.
security status based on Security Polling
counts number of server replied packets that could not be parsed
counts the number of times it answered SERVFAIL since starting
number of times PowerDNS considered itself spoofed, and dropped the data
number of CPU milliseconds spent in ‘system’ mode
number of times an IP address was denied TCP access because it already had too many connections
counts the number of currently active TCP/IP clients
counts the number of outgoing TCP queries since starting
counts all incoming TCP queries (since starting)
shows the number of entries in the throttle map
counts the number of throttled outgoing UDP queries since starting
idem to throttled-out
questions dropped that were too old
number of TCP questions denied because of allow-from restrictions
number of UDP questions denied because of allow-from restrictions
number of NOTIFY operations denied because of allow-notify-from restrictions
number of NOTIFY operations denied because of allow-notify-for restrictions
number of answers from remote servers that were unexpected (might point to spoofing)
number of times nameservers were unreachable since starting
number of seconds process has been running (since 3.1.5)
number of CPU milliseconds spent in ‘user’ mode
New in version 4.2.
Responses that were marked as ‘variable’. This could be because of EDNS Client Subnet or Lua rules that indicate this variable status (dependent on time or who is asking, for example).
New in version 4.1: Not yet proven to be reliable
PowerDNS measures per query how much time has been spent waiting on authoritative servers. In addition, the Recursor measures the total amount of time needed to answer a question. The difference between these two durations is a measure of how much time was spent within PowerDNS. This metric is the average of that difference, in microseconds.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 0 and 1 milliseconds was spent within the Recursor. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 1 and 2 milliseconds was spent within the Recursor. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 2 and 4 milliseconds was spent within the Recursor. Since 4.1. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 4 and 8 milliseconds was spent within the Recursor. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 8 and 16 milliseconds was spent within the Recursor. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where between 16 and 32 milliseconds was spent within the Recursor. See x-our-latency for further details.
New in version 4.1: Not yet proven to be reliable
Counts responses where more than 32 milliseconds was spent within the Recursor. See x-our-latency for further details.