Wishlist: statistics for DNS-over-TCP and TLS
A couple of suggestions:
- For DNS-over-TLS using a proxy, it would be nice to have separate statistics counters for queries that came from the proxy. When the TLS proxy is running on the same server, it would be enough to have separate counters when the client address is in the interface list that BIND keeps track of. Is this generally useful enough to be worthwhile?

- For DNS-over-TCP (and by implication, DNS-over-TLS) it would be helpful to have some guide to setting TCP idle timeouts. Two things would help:
  - include the connection age in the query log - useful for later analysis, but no good if query logging needs to be left off
  - keep an overall histogram of connection age - I don't know of any smaller summary statistics that would be useful, because the distribution of queries is very skewed
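The two suggestions above (per-source counters keyed on the local interface list, and a histogram of TCP connection age for choosing idle timeouts) can be prototyped offline from a query log. The script below is an added example and not part of this wishlist or of BIND; the log line format it parses (`client=IP#port proto=... conn_age_ms=...`) is constructed for illustration and is not BIND's real query-log format, and `LOCAL_INTERFACES` stands in for the listener addresses the server would know. It counts queries by transport and by whether the client address is one of the local interfaces (i.e. a same-host TLS proxy), buckets TCP connection ages on a log2 scale because the distribution is skewed, and reports a nearest-rank percentile that can serve as a starting point for an idle timeout.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed sample log (hypothetical format, not BIND's): one line per query with
# the client address, transport and the age of the TCP connection when the query arrived.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z client=192.0.2.10#44321 proto=tcp conn_age_ms=3 qname=www.example.com
2024-05-01T10:00:00Z client=127.0.0.1#50001 proto=tcp conn_age_ms=120 qname=example.net
2024-05-01T10:00:01Z client=192.0.2.10#44321 proto=tcp conn_age_ms=48 qname=mail.example.com
2024-05-01T10:00:01Z client=127.0.0.1#50001 proto=tcp conn_age_ms=9800 qname=example.org
2024-05-01T10:00:02Z client=198.51.100.7#6001 proto=udp qname=example.com
2024-05-01T10:00:03Z client=127.0.0.1#50002 proto=tcp conn_age_ms=45000 qname=example.com
2024-05-01T10:00:04Z client=192.0.2.10#44321 proto=tcp conn_age_ms=2 qname=ns.example.com
2024-05-01T10:00:05Z client=127.0.0.1#50001 proto=tcp conn_age_ms=130000 qname=example.net
"""

# Assumed: the addresses the resolver listens on. A TLS proxy on the same host
# connects from one of these, so its queries can be counted separately.
LOCAL_INTERFACES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("192.0.2.53")}

LINE_RE = re.compile(
    r"client=(?P<ip>[^#\s]+)#\d+ proto=(?P<proto>\w+)(?: conn_age_ms=(?P<age>\d+))?"
)


def parse_log(text):
    """Yield (client_ip, proto, conn_age_ms or None) per line; skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        age = int(m.group("age")) if m.group("age") else None
        yield ipaddress.ip_address(m.group("ip")), m.group("proto"), age


def count_by_source(text):
    """Count queries by (transport, 'proxy' or 'direct'), using the local interface list."""
    counts = Counter()
    for ip, proto, _ in parse_log(text):
        source = "proxy" if ip in LOCAL_INTERFACES else "direct"
        counts[(proto, source)] += 1
    return counts


def age_histogram(text):
    """Bucket TCP connection ages on a log2 scale: bucket k>=1 covers [2^(k-1), 2^k) ms."""
    hist = Counter()
    for _, proto, age in parse_log(text):
        if proto == "tcp" and age is not None:
            bucket = 0 if age < 1 else int(math.log2(age)) + 1
            hist[bucket] += 1
    return hist


def age_percentile(text, pct):
    """Connection age (ms) below which pct% of TCP queries arrived (nearest-rank method)."""
    ages = sorted(a for _, p, a in parse_log(text) if p == "tcp" and a is not None)
    if not ages:
        return None
    rank = max(1, math.ceil(pct / 100 * len(ages)))
    return ages[rank - 1]


if __name__ == "__main__":
    for (proto, source), n in sorted(count_by_source(SAMPLE_LOG).items()):
        print(f"{proto:4s} {source:6s} {n}")
    for bucket, n in sorted(age_histogram(SAMPLE_LOG).items()):
        lo = 0 if bucket == 0 else 2 ** (bucket - 1)
        hi = 1 if bucket == 0 else 2 ** bucket
        print(f"[{lo:>7d},{hi:>7d}) ms  {'#' * n}")
    for pct in (50, 95):
        print(f"p{pct} connection age: {age_percentile(SAMPLE_LOG, pct)} ms")
```

The histogram is what you would keep as a running counter in the server (a fixed set of log2 buckets is cheap and needs no per-connection state beyond the timestamp), while the percentile is the kind of summary you would read off it when picking an idle timeout: a p95 far above the median is the skew the post describes, and it is the reason a single mean or median would mislead.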