NAME

      dnscache-log -- Format of the dnscache log

LOG ENTRIES

       During operation, dnscache writes the following log entry types:

       o   cached type name

       o   cached cname name cname

       o   cached ns control server

       o   cached nxdomain name

       o   drop serial error

       o   servflagged [%|-] serverip

       o   lame serverip name control

       o   nodata serverip ttl type name

       o   nxdomain serverip ttl name

       o   query serial clientip:clientport:id type name

       o   rr serverip ttl type name data

       o   rr serverip ttl cname name cname

       o   rr serverip ttl mx name preference exchanger

       o   rr serverip ttl ns name server

       o   rr serverip ttl ptr name pname

       o   rr serverip ttl soa server email serial refresh retry expire
           minimum

       o   sent serial length

       o   servfail name error

       o   starting dnscache listening on ip ... sending queries from ip ....
           udp maxsize =

       o   stats query-count cache-motion udp-active edn-active tcp-active

       o   tcpopen clientip:clientport

       o   tcpclose clientip:clientport error

       o   tx gluelessness type name control [!|~|-|+|*] serverips...

       IP addresses, ports, ids, and query types are given in hexadecimal
            name      The domain name for which records were needed.

       ->  cached cname name cname

       dnscache found the answer to a client query in its cache, and the
       answer was a CNAME record.  In this case, dnscache starts over, looking
       for the same record type but with the "canonical name".

            Field     Meaning
            name      The domain name for which the client wants records.
            cname     The "canonical name" for name.
                      (Meaning: That name should be treated as an alias for cname.)

       ->  cached ns control server

       dnscache needed to know the authoritative nameservers for some domain,
       and found a set of nameservers for the domain, or some ancestor of it, in the cache.
       dnscache creates one log entry for each nameserver in the set.
       The actual name for which dnscache needed to find nameservers is
       on the query log entry preceding the set of cached ns log entries.
       For example:

            query 673 7f000001:09b6:7c48 1 www.windows.com.
            cached ns com. a.root-servers.net.
            cached ns com. e.gtld-servers.net.
            cached ns com. f.gtld-servers.net.
            cached ns com. j.gtld-servers.net.
            cached ns com. k.gtld-servers.net.
            cached ns com. a.gtld-servers.net.
            cached ns com. m.gtld-servers.net.
            cached ns com. g.gtld-servers.net.
            cached ns com. c.gtld-servers.net.
            cached ns com. i.gtld-servers.net.
            cached ns com. b.gtld-servers.net.
            cached ns com. d.gtld-servers.net.

       dnscache needed to know the authoritative nameservers for
       www.windows.com, and the nearest set of nameservers in its cache was
       the set of nameservers that are authoritative for com.

            Field     Meaning
            control   The domain name for which server is authoritative.
            server    The name of a server that is authoritative for control.

       ->  cached nxdomain name

       dnscache needs to find records for name and found a cached nxdomain
       entry in the cache.

            Field     Meaning
            name      The domain name for which records were requested.

       dnscache received an AXFR request.

       ->  out of memory

       dnscache could not allocate memory for parsing a query packet or
       building a response.

       ->  servflagged [%|-] serverip

       dnscache was instructed to omitt name server with '% serverip' or to
       use a standard query for '- serverip'.

       ->  lame serverip name control

       dnscache found a lame delegation. This means that the server is
       supposed to be authoritative for some domain, but isn't.

            Field     Meaning
            serverip  The IP address of the lame server.
            name      The domain name for which records were requested.
            control   The domain for which the server is supposed to be authoritative, but isn't.

       ->  nodata serverip ttl type name

       dnscache received a "no data" response.  This means that the server has
       records for the requested name, but no records of the requested type.

            Field     Meaning
            serverip  The IP address of the responding server.
            ttl       The time-to-live of the SOA record in the response.
                      (This is how long dnscache is allowed to cache the negative response.
                      dnscache will not cache a negative response for more than one hour in any case.)
            type      The requested record type.
            name      The domain name for which records were requested.

       ->  nxdomain serverip ttl name

       dnscache received a "Name Error" response. This means that the server
       has no records of any type for the requested name.

            Field     Meaning
            serverip  The IP address of the responding server.
            ttl       The time-to-live of the SOA record in the response.
                      (This is how long dnscache is allowed to cache the negative response.
                      dnscache will not cache a negative response for more than one hour in any case.)
            name      The domain name for which records were requested.

       ->  query serial clientip:clientport:id type name

       dnscache received a packet containing a query and intends to try to
       answer it.

       ->  sent serial length

       dnscache finished constructing a response to a query. If the query came
       over UDP, then dnscache also sent the response. If the query came over
       TCP, then dnscache did not send the response before making this log
       entry. (Sending over TCP may block so dnscache trickles the data out as
       part of its main loop.)

            Field     Meaning
            serial    The serial number of the client request to which dnscache responded.
                      (See query for an explanation of client request serial numbers.)
            length    The number of bytes in the response.

       ->  servfail name error

       dnscache sent a packet with rcode 2, "Server failure", because it
       encountered an error.  Some of the errors that can make dnscache do
       this:

          failure to allocate storage for a received DNS packet

          failure to create a UDP socket

          failure to set the O_NONBLOCK flag on the UDP socket

          failure to bind the UDP socket to a port

          failure to transmit a packet to any of up to 16 nameservers and
          receive a response packet with an rcode of 0 (no error) or 3
          (NXDOMAIN), with four attempts per nameserver

          failure to create a TCP socket

          failure to set the O_NONBLOCK flag on the TCP socket

          failure to bind the TCP socket to a port

          failure to connect the TCP socket to any of up to 16 nameservers
          (one attempt per nameserver), transmit a query to the nameserver,
          and receive a response packet with an rcode of 0 (no error) or 3
          (NXDOMAIN)

            Field     Meaning
            name      The domain name for which the dnscache was trying to find records.

            error     Error message will always be "input/output error".

       ->  starting dnscache listening on IP ... sending queries from ... udp
           maxsize

       dnscache logs this entry when it starts up and providing information on
       it's binding and the default UDP maximum message size it uses.
            tcp-active     Number of queries that dnscache has received via TCP but not yet responded to or dropped.

       ->  tx gluelessness type name control [!|~|-|+|*] serverips...

       This line indicates that dnscache transmitted a query.

            Field          Meaning
            gluelessness   The amount of gluelessness that generated this query.
                           (Read djb's explanation of gluelessness.)
            type           The requested record type.
            name           The domain name for which records are being requested.
            control        The authoritative anchestor domain.
            [!|~|-|+|*]    Field indicating the server qualification.
                           (Currently, '-' means none, and '+' says CurveDNS qualification.)
            serverips      List of IP addresses referencing authoritive servers
                           for control used for random name lookup.


EXAMPLE FOR NAME RESOLUTION

       Suppose the cache is empty, and you ask dnscache for the A records for
       example.com.  First, dnscache will send a query to a root server,
       because the root server is authoritative for the root domain (written
       ".").  So the tx line for the query will have "." in the control field.

       The root server will give dnscache a list of servers that are
       authoritative for the com domain.  dnscache will ask one of the com
       servers for the A records for example.com, and the log entry will have
       com.  in the control field.

       Suppose the com server says that ns.example.net is authoritative for
       example.com.  Then when dnscache asks ns.example.net for A records for
       example.com, the log entry will have example.com in the control field.


EXAMPLE FOR GLUELESSNESS

       For the case of www.monty.de, the queries dnscache sent for
       www.monty.de have gluelessness 0.  The query sent for ns.norplex.net
       has gluelessness 1.  The query for vserver.neptun11.de has gluelessness
       2.  The query sent for ns.germany.net has gluelessness 3.  And so on.


SEE ALSO

       dnscache (8), dnscache-conf (8)


REFERENCE

       http://www.dqd.com/~mayoff/notes/djbdns/dnscache-log.html (used by
       permission)




Man(1) output converted with man2html