Monitoring BIND9

The goal here is to monitor DNS servers running BIND version 9 and graph the various statistics that it records about itself. The statistics will be made available to the Net-SNMP daemon by a script. From there, the data can be polled by whatever NMS you choose to use.

Getting Stats from BIND

BIND stores a number of statistics internally. In earlier versions of BIND there were only a handful of statistics available. In more recent versions (9.6 and newer), there are some very detailed statistics present. To retrieve stats, issue the rndc stats command. This will instruct BIND to dump the stats to the statistics-file as configured in named.conf.

A quick look at the statistics file from BIND version 9.4:

+++ Statistics Dump +++ (1293359406)
success 21553
referral 0
nxrrset 864
nxdomain 10869
recursion 15348
failure 65
--- Statistics Dump --- (1293359406)

In BIND version 9.6 the format of the statistics file has been changed.

+++ Statistics Dump +++ (1293402423)
++ Incoming Requests ++
              407104 QUERY
                  29 NOTIFY
++ Incoming Queries ++
               57244 A
                  15 SOA
               10504 PTR
                 664 MX
              314258 TXT
               24068 AAAA
                 351 SRV
++ Outgoing Queries ++
[View: default]
               60597 A
                  11 NS
                  28 SOA
                 244 PTR
                   3 MX
                1008 TXT
               36861 AAAA
                 190 SRV
                  ...... (output trimmed)

I’ve created one set of scripts for each file format. There is a single script for BIND 9.4. It gets called directly by Net-SNMP where it will tell BIND to write its stats to disk (by using rndc). The script will then parse out the specific statistic that Net-SNMP asked it for. For BIND 9.6 and newer, there are two scripts. The first script is meant to run from cron where it will dig through the statistics file for the most recently saved statistics. It writes those stats to a second file in a machine parsable format. The second script is then called by Net-SNMP where it will fetch the requested statistic from the machine parsable file.

The crontab entry for the BIND 9.6+ script should look something like this:

*/5 * * * * /usr/sbin/rndc stats; \
< /var/named/tmp/named.stats > /tmp/named.stats

The script reads the statistics file on stdin and writes its output to stdout. Make sure the file you redirect the script's output to is readable by the user that the Net-SNMP daemon runs as. Also make sure you adjust the script that Net-SNMP calls so that it reads from this same file.

Serving Stats via SNMP

Since the goal is to use SNMP to monitor the DNS server, the data in the statistics file must be made available via SNMP. The Net-SNMP SNMP daemon allows for data to be retrieved using local shell scripts or programs. The data retrieved from these scripts is made available under the . MIB table. More information on how this works is available in the snmpd.conf manual page (look for the exec keyword).

The following lines are added to snmpd.conf:

# for bind 9.4
exec bind9-ok /var/net-snmp/ ok
exec bind9-fail /var/net-snmp/ fail

# for bind 9.6+
exec bind9-query /var/net-snmp/ incoming_requests:query

The first line will return the number of successful queries, the second the number of failed. The /var/net-snmp/ shell script has the task of taking data from BIND’s statistics file and passing it to the SNMP daemon. The script is available here:

A fellow network person who read this page contributed a second version of the script which will also return stats for “referral”, “nxrrset”, “nxdomain”, etc, queries. That script is here: This script is called with the desired query type as its argument, e.g.:

exec bind9-success /var/net-snmp/ success
exec bind9-failure /var/net-snmp/ failure
exec bind9-nxdomain /var/net-snmp/ nxdomain
exec bind9-recursion /var/net-snmp/ recursion

The possible arguments to can be seen by looking at the output of the script.

Sun Dec 26 21:05:05 2010



Statistics such as outgoing_queries+internet_view:a are related to a particular view (in this case, a view called internet_view). Everything else is either related to the default view or is a global statistic.
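
As an added illustration (not one of the scripts offered for download on this page), the following Python example shows the cron-side parsing step for the 9.6+ format: it takes only the newest complete dump from the statistics file and produces keys of the form shown above. The sample dump is constructed, and the key normalisation (lower case, underscores, no suffix for the default view) is an assumption inferred from the key names on this page.

```python
import re

# Constructed sample: two complete appended dumps, then one still being written.
SAMPLE = """\
+++ Statistics Dump +++ (1293402123)
++ Incoming Requests ++
              400000 QUERY
--- Statistics Dump --- (1293402123)
+++ Statistics Dump +++ (1293402423)
++ Incoming Requests ++
              407104 QUERY
++ Outgoing Queries ++
[View: default]
               60597 A
[View: internet_view]
                 512 A
--- Statistics Dump --- (1293402423)
+++ Statistics Dump +++ (1293402723)
++ Incoming Requests ++
              407999 QUERY
"""

def norm(text):  # 'Incoming Requests' -> 'incoming_requests' (assumed naming)
    return re.sub(r"\W+", "_", text.strip().lower()).strip("_")

def last_complete_dump(text):
    """Lines of the newest dump that has both its +++ and --- markers."""
    latest, current = [], None
    for line in text.splitlines():
        if line.startswith("+++ Statistics Dump +++"):
            current = []
        elif line.startswith("--- Statistics Dump ---"):
            if current is not None:
                latest = current
            current = None
        elif current is not None:
            current.append(line)
    return latest

def parse_stats(text):
    """Map keys such as 'outgoing_queries+internet_view:a' to integer counters."""
    stats, section, view = {}, None, None
    for line in last_complete_dump(text):
        if m := re.match(r"\+\+ (.+?) \+\+$", line):
            section, view = norm(m.group(1)), None
        elif m := re.match(r"\[View: ([^\s\]]+)", line):
            view = None if m.group(1) == "default" else norm(m.group(1))
        elif section and (m := re.match(r"\s*(\d+) (.+)$", line)):
            prefix = f"{section}+{view}" if view else section
            stats[f"{prefix}:{norm(m.group(2))}"] = int(m.group(1))
    return stats
```

Because rndc stats appends to the file, a reader that stops at the first dump would report stale counters. Taking the last dump that has a closing marker also avoids reading one that BIND is still writing.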

Once snmpd.conf is updated and snmpd is restarted, a walk of the . MIB will show the script in action.

enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
enterprises.ucdavis.extTable.extEntry.extNames.1 = bind9-ok
enterprises.ucdavis.extTable.extEntry.extNames.2 = bind9-fail
enterprises.ucdavis.extTable.extEntry.extCommand.1 = /var/net-snmp/ ok
enterprises.ucdavis.extTable.extEntry.extCommand.2 = /var/net-snmp/ fail
enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
enterprises.ucdavis.extTable.extEntry.extResult.2 = 0
enterprises.ucdavis.extTable.extEntry.extOutput.1 = 268814
enterprises.ucdavis.extTable.extEntry.extOutput.2 = 78
enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
enterprises.ucdavis.extTable.extEntry.extErrFixCmd.1 =
enterprises.ucdavis.extTable.extEntry.extErrFixCmd.2 =

Of interest are the extOutput lines which return the output from the scripts.

Download for BIND 9.4
Author: Joel Knight
Returns number of successful or failed queries.

$ (recommended)
Author: Evgeny Zislis (aka Kesor) <>
Returns stats for all query types.

$ <success|referral|nxrrset|nxdomain|recursion|failure>

Download for BIND 9.6 and Newer
Author: Joel Knight
Parses the BIND statistics file and outputs them in a machine parsable format.

$ < /path/to/named.stats > /tmp/parsable.stats
Author: Joel Knight
Pulls out a certain statistic from the machine parsable file. Make sure you edit this script and tell it where that parsable file is located.

$ <statistic>


Be aware that when rndc stats is run, the statistics file isn’t overwritten; it’s appended to. This means the file will continue to grow once you start using these scripts. A good idea may be to add a weekly cron job to delete the file so that its size can be kept in check, or to use your system’s log rotation utility to rotate or trim the file.

As explained in the snmpd.conf manpage, when snmpd runs external commands such as, it caches the results in the file /var/net-snmp/.snmp-exec-cache. This file must be writeable by the user that snmpd is running as, or else snmpd will not return the output from the external script being run.
