New metrics to report DNSSEC signing operations and IXFRs [ISC-support #13431]
For large DNSSEC signed zones with frequent updates there are many signing operations happening both due to the updates and part of routing re-signing. If the zone has a secondary configured there are also frequent IXFRs, some of which can be very big. It would be helpful to have metrics to report and monitor this activity on the master.
The main request is to add the following metrics to the statistics:
- Total number of signing operations
- Number of maintenance signing operations (i.e. signature refresh/update)
It would be helpful to also give the key id used for signing.
Two further requests that would help with monitoring of outgoing IXFRs on busy masters (particularly when the secondary is operated by a different organisation):
- Add metrics on the size of the IXFRs e.g. min, max and average size of IXFRs
- Add the same details to the XFR log on the master that are reported on the secondary:
transfer of 'example.com/IN' from 127.0.0.1#7753: Transfer completed: 1 messages, 14 records, 986 bytes, 0.001 secs (986000 bytes/sec). The log on the master currently only reports that the transfer started and ended.