stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2021-06-01T08:44:42Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/54Req 5.1 View Zones List2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.1 View Zones ListAs an administrator I would like to be able to browse a list of DNS zones that I am publishing, along with a bunch of information on the zone.
1. This is likely to be a very large table, with pages of data, so I would like to be able t...As an administrator I would like to be able to browse a list of DNS zones that I am publishing, along with a bunch of information on the zone.
1. This is likely to be a very large table, with pages of data, so I would like to be able to apply filters to make it more manageable.
1. I want to be able to accommodate up to 2M small zones, 2M RRs zone, 100 views.
1. I would like to be able to sort this by zone name, zone type, time of last update (this might be the default sort), zone size? signing status (signed/unsigned/expired?), #RRs.
1. This zone list should include 'dynamic', 'traditional', catalog, automatic, mirror, root hints, forward, stub, static stub zones.
1. I would like to know the zone type and permit filtering based on zone type.
1. I would like to search based on ... (?cnames?)
1. I would like to know which slaves are publishing that zone
1. I may know a zone name, or partial zone name and will want to know more about that zone.backlogMatthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/stork/-/issues/55Req 5.1 - Zone Transfer Impact2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.1 - Zone Transfer ImpactFrom BIND GL issue #513
As an administrator I need to determine the impact of large zone updates on operations.
I may see a drop in QPS performance and want to investigate whether this was caused by a large zone transfer. I will need t...From BIND GL issue #513
As an administrator I need to determine the impact of large zone updates on operations.
I may see a drop in QPS performance and want to investigate whether this was caused by a large zone transfer. I will need to see information that will help me identify which zone, how large it is, when it was updated, so that I can see if I can adjust the configuration to ameliorate the impact of large zone transfers.
Details
* Add metrics on the size of the IXFRs e.g. min, max and average size of IXFRs
* Add the same details to the XFR log on the master that are reported on the secondary:
* transfer of 'example.com/IN' from 127.0.0.1#7753: Transfer completed: 1 messages, 14 records, 986 bytes, 0.001 secs (986000 bytes/sec). The log on the master currently only reports that the transfer started and ended.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/56Req 5.3 - View Zone Status2021-06-01T08:44:40ZVicky Riskvicky@isc.orgReq 5.3 - View Zone Status"from a user ""It would be very helpful for us to have the various zone timers exposed through the statistics channel. The information is currently available through `rndc zonestatus`, but it would be far easier for us to monitor the ser..."from a user ""It would be very helpful for us to have the various zone timers exposed through the statistics channel. The information is currently available through `rndc zonestatus`, but it would be far easier for us to monitor the servers if this were accessible through the stats channel.
Our use case would be to monitor for zones approaching expiration. We'd like to use the stats channel to pull the full list of zones with the timers in one operation, and then parse the data."""backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/57Req 5.4 - Zone Signing Status2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 5.4 - Zone Signing StatusAs an admin I want to see DNSSEC details, key information, signature validity period, when is the next key rollover, when is the next resign, and what is the zone that will be resigned next.. nsec3As an admin I want to see DNSSEC details, key information, signature validity period, when is the next key rollover, when is the next resign, and what is the zone that will be resigned next.. nsec3backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/58Req 5.5 - View NTAs2023-04-11T16:19:44ZVicky Riskvicky@isc.orgReq 5.5 - View NTAsAs an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* Fo...As an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* For the NTAs configured, when do they expire?
* I also want to see any 'permanent NTAs'. (zones with = validate except.)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/60Req 5.7 - View RPZ Statistics2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.7 - View RPZ StatisticsAs an administrator I need to know how much of an impact RPZ is having.
I may be either introducing RPZ for the first time, or trialing an additional RPZ feed and attempting to evaluate how many more matches are found with the addition ...As an administrator I need to know how much of an impact RPZ is having.
I may be either introducing RPZ for the first time, or trialing an additional RPZ feed and attempting to evaluate how many more matches are found with the addition of a new zone(s). I would like to be able to report the number of possible 'bad' queries blocked to management, to justify the cost of commercial RPZ feeds.
The most basic metric is a global counter (eg. 15 minute intervals) of RPZ matches. If we just have a global counter of RPZ matches, then if the user adds a new RPZ feed, they can look to see how much that number changed by.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/61Req 5.7.2 - RPZ Detail2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.7.2 - RPZ DetailAs a user, I would like to know how many RPZ matches are coming from *each* RPZ zone. RPZ zones are evaluated in order they are configured, so if two zones include the same filter, the 'match' will be attributed to the first RPZ listed. ...As a user, I would like to know how many RPZ matches are coming from *each* RPZ zone. RPZ zones are evaluated in order they are configured, so if two zones include the same filter, the 'match' will be attributed to the first RPZ listed.
If we can communicate this (the order of the RPZ zones and its relationship to how many answers were blocked by each zone) in the UI that would be helpful.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/62Req 5.7.1 - RPZ Response Actions2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 5.7.1 - RPZ Response ActionsAs a user, I would like to investigate RPZ matches to determine or estimate the type of abuse being blocked by RPZ.
I can extrapolate the type of abuse (malware, legal filtering, etc) based on the type of RPZ action.
Report statistics ...As a user, I would like to investigate RPZ matches to determine or estimate the type of abuse being blocked by RPZ.
I can extrapolate the type of abuse (malware, legal filtering, etc) based on the type of RPZ action.
Report statistics on the type of RPZ action taken (type of action, rewrites, NXDOMAIN etc.)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/65Req 6.5 - Cache Details2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 6.5 - Cache DetailsAs a user I would like to see details on what is in the cache in order to determine why the cache hit ratio might be low. The purpose of displaying this data is to help guide me about configuration settings that could improve the cache e...As a user I would like to see details on what is in the cache in order to determine why the cache hit ratio might be low. The purpose of displaying this data is to help guide me about configuration settings that could improve the cache effectiveness.
Useful details would include
* cache size (memory, # of records)
* average ttl of records in cache (perhaps also min and max ttl?)
* breakdown by record type, status (valid vs expired)
* LRU of records pre-fetched
* LRU of records that expired without being re-queried
* top 500(?) records most frequently queried
* cache cleaning (how dirty is the cache)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/66Req 6.7 - Memory Utilization2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 6.7 - Memory UtilizationAs a user, I would like to know what named's current memory allocation being used for.
* If I am running low on available memory, I want to identify possible options for reducing memory consumption with a configuration change.
* Alterna...As a user, I would like to know what named's current memory allocation being used for.
* If I am running low on available memory, I want to identify possible options for reducing memory consumption with a configuration change.
* Alternatively, this will help me identify 'runaway' processes that are eating memory and not freeing it as part of a troubleshooting exercise.
* When I am operating a hybrid server I need to see the amount of memory being used for auth vs recursive functions.
Some of this information may be available by querying the machine rather than the service.
We may want to review what would be presented. As an operator, I am not going to benefit from really cryptic references to processes inside BIND that I cannot control or stop. However, ISC technical support might want some long list of arcane stuff that I cannot interpret.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/67Req 7.1 - Performance Troubleshooting2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.1 - Performance TroubleshootingAs a user, I am looking for information that should be flagged that may help understand what is limiting performance currently.
I am particularly concerned about maximizing performance of my resolver.
What are the critical resources I ...As a user, I am looking for information that should be flagged that may help understand what is limiting performance currently.
I am particularly concerned about maximizing performance of my resolver.
What are the critical resources I need to monitor, besides memory?
- [x] CPU
- [ ] threads
- [ ] sockets??
- [ ] TCP connections
- [ ] 'clients'?
what else?
What information is available on what is tying up these resources?
Quote from Cathy "What is BIND doing (while it is, eating memory, eating CPU, not responding, apparently twiddling it's thumbs or ..?)"backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/68Req 7.2 - Throttling2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.2 - ThrottlingI would like to know if I am throttling traffic based on configured limits. If so, I might want to change these limits to throttle more or less.
These limits are typically designed to protect the system from being overwhelmed in case of...I would like to know if I am throttling traffic based on configured limits. If so, I might want to change these limits to throttle more or less.
These limits are typically designed to protect the system from being overwhelmed in case of a DDOS. However, sometimes the throttles are set low enough that they impact throughput unnecessarily during normal operation.
Priorities
* Fetch-limits
* clients per query
* client-quotas
* TCP quotas
* RRL
? Is this server being throttled by fetch-limits or is this zone being throttled by fetch-limits?
Log instances of crossing the thresholds where throttling kicks in, when you cross the threshold again on the way down.
Several specific problems we would like to address are:
* https://gitlab.isc.org/isc-projects/bind9/issues/665 Add "rndc fetchlimits" command to dump currently-active ADB rate-limited servers and zones
* https://gitlab.isc.org/isc-projects/bind9/issues/915 Add ability to determine frozen zones
* https://gitlab.isc.org/isc-projects/bind9/issues/1232 [ISC-support #15166] expose zone timers (reload, refresh, expire) via stats channelbackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/69Req 7.2.1 - Throttling and cookies2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.2.1 - Throttling and cookiesAs an operator, I would like to know, what % of clients are avoiding RRL by providing cookies?As an operator, I would like to know, what % of clients are avoiding RRL by providing cookies?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/72Req 7.4 - Cache cleanup2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 7.4 - Cache cleanupAs an administrator of a resolver, I want to maximize the utility of my memory allocated for cache. I need to know, what's expired in cache and still not cleaned up?As an administrator of a resolver, I want to maximize the utility of my memory allocated for cache. I need to know, what's expired in cache and still not cleaned up?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/73Req - 7.6 - SRTT Information2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq - 7.6 - SRTT InformationAs a network administrator, I am curious about how BIND is choosing what server to send a query to. This is a FAQ on BIND-users and is something of a mystery to a lot of users.
I would like to see what BIND knows about authoritative serv...As a network administrator, I am curious about how BIND is choosing what server to send a query to. This is a FAQ on BIND-users and is something of a mystery to a lot of users.
I would like to see what BIND knows about authoritative servers - I want to see a list of servers for a domain and the current and historical srtt values for those servers.
Which server will BIND query for this domain and why.
Also, which servers are EDNS capable?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/125Kea CA, rndc, Stork Agent and absolute paths2021-06-01T08:44:42ZMarcin SiodelskiKea CA, rndc, Stork Agent and absolute pathsKea detection requires absolute paths to the configuration files of the Control Agent. Starting the agent like this:
```
sudo sbin/kea-ctrl-agent -c etc/kea/kea-ctrl-agent.conf
```
would confuse the Stork Agent as it cannot find `etc/...Kea detection requires absolute paths to the configuration files of the Control Agent. Starting the agent like this:
```
sudo sbin/kea-ctrl-agent -c etc/kea/kea-ctrl-agent.conf
```
would confuse the Stork Agent as it cannot find `etc/kea/kea-ctrl-agent.conf` if it assumes that this an absolute path.
And similar for BIND 9.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/340Create BIND 9 dashboard2021-06-01T08:44:41ZTomek MrugalskiCreate BIND 9 dashboardDuring the UI discussion, we decided that long term we want to have 2 dashboards. We already have one for Kea. We should add a new one for BIND 9. I was thinking it could have a list of bind instances, cache hit ratio, uptime, cpu usage,...During the UI discussion, we decided that long term we want to have 2 dashboards. We already have one for Kea. We should add a new one for BIND 9. I was thinking it could have a list of bind instances, cache hit ratio, uptime, cpu usage, mem usage, ..., link to Grafana
This would be a good start.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/341Self-documenting stats (--list-stats switch for agent)2021-06-01T08:44:42ZTomek MrugalskiSelf-documenting stats (--list-stats switch for agent)@matthijs and @tomek discussed the need to have a good statistics list for BIND 9. One way to achieve that would be to implement a `--list-stats` kind of command line switch. It would export the list of currently supported stats by the a...@matthijs and @tomek discussed the need to have a good statistics list for BIND 9. One way to achieve that would be to implement a `--list-stats` kind of command line switch. It would export the list of currently supported stats by the agent, along with some reasonably easy to understand, non-cryptic, non-overly abbreviated description.
For bonus points, that list could be in a format that could be integreated into Stork ARM.
This would address a real issue many BIND 9 users are having: BIND 9 has lots of stats, but nobody really knows what they mean. We won't solve the problem instantly. Incremental steps are the way to go.
We want to have something similar for Kea. However, Kea stats are well documented, so there is less pressing need for this (which also makes the issue easier to solve for Kea, by employing well proven copy-paste programming techniques) ;)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/352More BIND resolver query details2021-06-01T08:44:41ZVicky Riskvicky@isc.orgMore BIND resolver query detailsNow that we have the basic query details in Grafana, we would like even more details. These additional requirements were moved from #63
- [ ] regular vs encrypted queries (once we have DoT)
- [ ] 'direct' vs forwarded queries
- [ ] RPZ...Now that we have the basic query details in Grafana, we would like even more details. These additional requirements were moved from #63
- [ ] regular vs encrypted queries (once we have DoT)
- [ ] 'direct' vs forwarded queries
- [ ] RPZ statistics - # of RPZ matches
- [ ] # of rewrites, NXDOMAINs, by RPZ zone, % of queries that hit RPZ.
- [ ] It is also relevant, if possible to ask what % of different negative answers, such as, NXDOMAINs, SERVFAILs or NODATAs are 'real' vs RPZ re-writes.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/535Stork agent - application detection model (specify named, kea ip/port manually)2023-03-15T19:05:55Zymartin-ovhStork agent - application detection model (specify named, kea ip/port manually)---
name: Ability to pass bind9/kea endpoints via CLI or configuration file
about: Suggest an idea for this project
---
Hello
I wanted to run stork agent to use the nice work done on the prometheus side of this daemon.
On my hardened ...---
name: Ability to pass bind9/kea endpoints via CLI or configuration file
about: Suggest an idea for this project
---
Hello
I wanted to run stork agent to use the nice work done on the prometheus side of this daemon.
On my hardened systems (grsecurity), I tried to run on a specific unix user and runs into the following issue.
Application detection model can work as process.Process() does not return "named" process.
An alternative to the whole detection mechanism is to have the ability to pass statistic channel endpoint (ip, port), eventually control channel with command line or configuration file.
With that, the daemon could run on different user id or different system for example or on pod different from bind9 pod in a kubernetes deployment.
Plus, this would help in unit-test. You could have multiple bind version running and check stork-agent against them.
What do you think about that ?
Regardsbackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/582Retrieve rcodes and qtypes per zone2021-10-19T11:13:42ZalbsgaRetrieve rcodes and qtypes per zoneIt will be interesting to retrieve the data from the json, building an struct with [] to gather the data as it is an array of dicts.
It's is important the format of the Prometheus output, it will be also interesting to have something si...It will be interesting to retrieve the data from the json, building an struct with [] to gather the data as it is an array of dicts.
It's is important the format of the Prometheus output, it will be also interesting to have something similar to:
```
bind_zones_queries_total{type="A", zone="example.com,"view="_default"} 91
bind_zones_queries_total{type="CNAME",zone="example.com,"view="_default"} 32
bind_zones_queries_total{type="A", zone="example3.com,"view="_default"} 3
bind_zones_queries_total{type="CNAME",zone="example3.com,"view="_default"} 22
```
Thanks!!backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/760Form to add a record to the Bind zone2022-06-07T13:13:43ZSlawek FigielForm to add a record to the Bind zoneThis is feedback after the demo presentation from Dan T:
add a record to existing zoneThis is feedback after the demo presentation from Dan T:
add a record to existing zoneoutstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/787Consistent spelling of the BIND 9 name2022-09-06T18:51:41ZSlawek FigielConsistent spelling of the BIND 9 nameWe have inconsistent spelling of the BIND 9 in the Stork codebase and documentation.
We use:
- `bind`
- `Bind`
- `bind_9`
- `BIND 9`
- `bind9`
- `BIND9`
We need to decide how is a correct spelling in different contexts:
- in document...We have inconsistent spelling of the BIND 9 in the Stork codebase and documentation.
We use:
- `bind`
- `Bind`
- `bind_9`
- `BIND 9`
- `bind9`
- `BIND9`
We need to decide how is a correct spelling in different contexts:
- in documentation
- in docstrings and comments in code
- in function/class/variable names with `snake_case` naming convention (for lower and upper cases)
- in function/class/variable names with `kebab-case` naming convention (for lower and upper cases)
- in function/class/variable names with `camelCase` naming convention
- in function/class/variable names with `PascalCase` naming convention
We should change the spelling on the repository and wiki pages (including code guidelines).backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/815Indicate connection issues to the Bind9 statistics endpoint2022-08-09T13:31:30ZSlawek FigielIndicate connection issues to the Bind9 statistics endpointStork UI doesn't notify that the Stork Agent has connection problems with access to the statistics endpoint. Adding any visible warnings would be helpful in troubleshooting.Stork UI doesn't notify that the Stork Agent has connection problems with access to the statistics endpoint. Adding any visible warnings would be helpful in troubleshooting.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/833Avoid creating separate metrics per transport2022-10-25T13:36:55ZSlawek FigielAvoid creating separate metrics per transportReported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc):
> \# TYPE bind_traffic_incoming_requests_udp4_size histogram
> bind_traffic_incoming_requests_udp4_size_bucket{le="47"} 2
> bind_traffic_inco...Reported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc):
> \# TYPE bind_traffic_incoming_requests_udp4_size histogram
> bind_traffic_incoming_requests_udp4_size_bucket{le="47"} 2
> bind_traffic_incoming_requests_udp4_size_bucket{le="+Inf"} 2
> bind_traffic_incoming_requests_udp4_size_sum NaN
> bind_traffic_incoming_requests_udp4_size_count 2
I'd also like to suggest that the udp4 part of these metrics should be a label e.g. {transport="udp4" } and not separate metrics per transport
the rationale is that as an operator, I want to be able to graph these things (udp4, tcp6, etc) in aggregate, and also in isolation, and IIUC, labels are the Prometheus way to accomplish thatoutstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/834NaN metrics values2023-01-30T13:13:47ZSlawek FigielNaN metrics valuesReported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc)
I don't yet have a Prometheus server polling this, but the NaN from the raw /metrics pull here seems wrong:
```
# TYPE bind_traffic_incoming_requ...Reported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc)
I don't yet have a Prometheus server polling this, but the NaN from the raw /metrics pull here seems wrong:
```
# TYPE bind_traffic_incoming_requests_udp4_size histogram
bind_traffic_incoming_requests_udp4_size_bucket{le="47"} 2
bind_traffic_incoming_requests_udp4_size_bucket{le="+Inf"} 2
bind_traffic_incoming_requests_udp4_size_sum NaN
bind_traffic_incoming_requests_udp4_size_count 2
```backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/835rndc configuration2022-11-15T16:07:54ZRay Bellisrndc configurationThe file `rndc.conf` in the same directory as `named.conf` should be used in preference to `rndc.key`.
Refs:
* #831
* https://kb.isc.org/docs/aa-00722The file `rndc.conf` in the same directory as `named.conf` should be used in preference to `rndc.key`.
Refs:
* #831
* https://kb.isc.org/docs/aa-00722backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/862Pre-release CI pipelines2022-12-13T12:58:56ZSlawek FigielPre-release CI pipelinesI'm introducing in #817 the possibility of running system tests with different Kea and Bind9 versions.
Our standard system test pipeline now uses Kea 2.0 and Bind9 9.18. But we can prepare additional CI tasks/pipelines to test other conf...I'm introducing in #817 the possibility of running system tests with different Kea and Bind9 versions.
Our standard system test pipeline now uses Kea 2.0 and Bind9 9.18. But we can prepare additional CI tasks/pipelines to test other configurations.
Unfortunately, the system tests pipeline executes quite long ~15 minutes. It is inconvenient to run it many times for every pushed commit. But we can run the additional CI pipelines only for pre-releases merge requests, i.e., merge requests that pump the Stork version. They are usually merged after code freeze but a day before sanity checks. We should have enough time to check the bugs found.
I think the pre-release pipelines may also contain the installation and de-installation tests.
There should be a possibility to run the pipelines manually on demand.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1051Display `rndc status`2023-06-13T13:23:55ZTomek MrugalskiDisplay `rndc status`There's a very nice and short status of overall BIND, obtained with `rndc status`. We do use it, but the details of what was retrieved is not displayed.
Here's an example of what rndc prints:
```
# rndc status
version: BIND 9.16.37-Debi...There's a very nice and short status of overall BIND, obtained with `rndc status`. We do use it, but the details of what was retrieved is not displayed.
Here's an example of what rndc prints:
```
# rndc status
version: BIND 9.16.37-Debian (Extended Support Version) <id:2b2afb2> (the latest, patched, secure one)
running on v13: Linux x86_64 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13)
boot time: Fri, 02 Jun 2023 20:57:23 GMT
last configured: Fri, 02 Jun 2023 20:57:23 GMT
configuration file: /etc/bind/named.conf
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 103 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 1/900/1000
tcp clients: 0/150
TCP high-water: 2
server is up and running
```
We could print this as is, maybe with some meta-data (timestamp when this status was obtained). This would be flexible enough (I'm sure older bind prints less and newer probably more) and useful.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1129Missing "named" daemon on the machine page2023-08-22T13:34:38ZSlawek FigielMissing "named" daemon on the machine pageThe issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393165).
The Bind 9 daemon (`named`) is missing in the daemon column on the machine page.
![image](https://gitlab.i...The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393165).
The Bind 9 daemon (`named`) is missing in the daemon column on the machine page.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/576f122e2ae622b57d289d4f862bdd27/image.png)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1130Empty status column for BIND 9 applications2023-08-22T13:35:26ZSlawek FigielEmpty status column for BIND 9 applicationsThe issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393166).
The status column in the Bind 9 application list is empty.
![image](https://gitlab.isc.org/isc-projects/st...The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393166).
The status column in the Bind 9 application list is empty.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/157da70fec110493deea9213e01167cd/image.png)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1217BIND 9 in chroot mode - detection fail2023-11-21T14:42:33ZSlawek FigielBIND 9 in chroot mode - detection failThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000227.html).
The user runs BIND 9 in the chroot mode (using the `-t` flag). The configuration file is detected properly, but `named-c...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000227.html).
The user runs BIND 9 in the chroot mode (using the `-t` flag). The configuration file is detected properly, but `named-checkconf` returns a non-zero status. The problem occurs only for Stork Agent 1.12. Stork Agent 1.11 detects this BIND 9 instance properly.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1303BIND 9 generates no events2024-03-28T12:11:05ZSlawek FigielBIND 9 generates no eventsThe issue was found by @slawek during 1.15 sanity checks: https://gitlab.isc.org/isc-projects/stork/-/issues/1296#note_434177
The BIND 9 application generates no events. I think there should be at least a notification about connecting t...The issue was found by @slawek during 1.15 sanity checks: https://gitlab.isc.org/isc-projects/stork/-/issues/1296#note_434177
The BIND 9 application generates no events. I think there should be at least a notification about connecting to the daemon.1.16Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1309Support for non-default BIND 9 views2024-03-05T14:37:16ZSlawek FigielSupport for non-default BIND 9 viewsThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html):
> the fact that i use views in my bind config is why there is no data
showing up for one host.
The attached statistics:
...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html):
> the fact that i use views in my bind config is why there is no data
showing up for one host.
The attached statistics:
> ```
> ++ Cache Statistics ++
> [View: internal (Cache: internal)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXXXXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXXXXXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memory in use
> [View: _bind (Cache: _bind)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memry in use
> ```
> there is no _default zone, which might be due to my use of
> views, or different naming convention (_bind vs _default).
>
> is there a way to tell Stork that i want the stats from the views that
> i am running, or global stats from all views?
Unfortunately, Stork has no possibility to change the BIND 9 view name. The `_default` name is hard-coded in several places.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1310BIND 9 returns poor statistics if the bind-dyndb-ldap plugin2024-03-05T14:39:31ZSlawek FigielBIND 9 returns poor statistics if the bind-dyndb-ldap pluginThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html).
> on one of the authoritative bind instances, i am using views there
> too, which i might reconsider, i am using the bind...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html).
> on one of the authoritative bind instances, i am using views there
> too, which i might reconsider, i am using the bind-dyndb-ldap plugin
> to host the zone data in ldap, and when i curl for the json/v1 stats
> URL, only get back:
> [brendan@server3 ~]$ curl http://localhost:8053/json/v1/
>
> ```json
> {
> "json-stats-version":"1.7",
> "boot-time":"2024-02-01T09:01:21.914Z",
> "config-time":"2024-02-01T09:01:27.425Z",
> "current-time":"2024-02-06T21:45:33.123Z",
> "version":"9.18.20"
> }
> ```
>
> even though the statistics are configured. it seems the caching
> mechanisms are not being used:
>
> ```
> ++ Cache Statistics ++
> [View: internal (Cache: internal)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXXXXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXXXXXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memory in use
> [View: _bind (Cache: _bind)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memry in use
> ```
The reported problem prevents Stork agent from forwarding statistics to Prometheus and Stork server.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/1333Incorrect error handing of the bind9 app state causes no transition to the in...2024-03-14T12:23:22ZMarcin SiodelskiIncorrect error handing of the bind9 app state causes no transition to the inactive stateThe `GetAppState()` logic returns early when communication with named fails. As a result, the info about the app is not updated in the database. So, for example, the active flag remains true, while it should be put to false. The daemon a...The `GetAppState()` logic returns early when communication with named fails. As a result, the info about the app is not updated in the database. So, for example, the active flag remains true, while it should be put to false. The daemon appears to be online in the UI even though there is no connection to it.