stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2022-12-06T13:11:16Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/314Req 2.2.2: Show reservation options2022-12-06T13:11:16ZTomek MrugalskiReq 2.2.2: Show reservation optionsStork is able to show host reservations with some details, but options are not displayed.
The complex part here is that options can have varied syntax (string, boolean, address, integers, structure, empty, etc).
This requirement calls ...Stork is able to show host reservations with some details, but options are not displayed.
The complex part here is that options can have varied syntax (string, boolean, address, integers, structure, empty, etc).
This requirement calls to display the options and their values somehow.
In particular anything related to PXE should be displayed.
This is a follow-up to Req 2.2: #45.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/237Req 2.2.1: Show host reservation status2023-09-12T13:33:55ZTomek MrugalskiReq 2.2.1: Show host reservation statusThis is a follow-up to req 2.2 (#45) that asked for host reservations. This set of requirements outlined here require also getting lease information and correlating it with the host reservations:
* [ ] I would like to be able to sort th...This is a follow-up to req 2.2 (#45) that asked for host reservations. This set of requirements outlined here require also getting lease information and correlating it with the host reservations:
* [ ] I would like to be able to sort this date the lease was assigned to a client.
* [ ] I would like to be able to apply a filter to show either all addresses assigned, or all host reservations not claimed.
* [x] I would like to see if a lease for this reservation has actually been requested and assigned. #530
The use case is, determining if there are configured host reservations not being used (I might remove them) or hosts that I expect to be using leases that are not on-line for some reason.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/154Req 1.5.2 - Detect significant fault condition (kea)2022-11-16T11:54:50ZTomek MrugalskiReq 1.5.2 - Detect significant fault condition (kea)Req 1.5 (#41) mentioned a significant fault condition without specifying what exactly it is. This requirement is to:
* [ ] specify the metric or metrics that would constitute the fault condition for Kea
* [ ] actually implement its/thei...Req 1.5 (#41) mentioned a significant fault condition without specifying what exactly it is. This requirement is to:
* [ ] specify the metric or metrics that would constitute the fault condition for Kea
* [ ] actually implement its/their monitoring
Right now we have a red/green status. This requirement effectively requires a yellow or orange status. See related #153 for BIND 9 equivalent.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/104Req 11.2 - Mobile device support2023-12-13T18:40:58ZVicky Riskvicky@isc.orgReq 11.2 - Mobile device supportit would be ideal if we could have a UI that is accessible via mobile devices. This means that we would want most of the display to be responsive, so that elements displayed side by side on the desktop display could be displayed above/be...it would be ideal if we could have a UI that is accessible via mobile devices. This means that we would want most of the display to be responsive, so that elements displayed side by side on the desktop display could be displayed above/beneath each other on a mobile device.
As a user I might want to check into the Stork interface via mobile device occasionally. I would like to be able to easily find and view the most salient information this way, including most significant alerts and status of individual servers. However, I would not want to limit the table width in the desktop version of Stork in order to be able to access the app via mobile device.
We may consider actually not displaying these wide tables on mobile devices to preserve basic usability for mobile users.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/80Req 10.3 - User authorization2022-11-16T11:54:50ZVicky Riskvicky@isc.orgReq 10.3 - User authorizationAs an administrator, eventually I will need fairly fine-grained control over user access and privileges, particularly to:
* [ ] limit configuration authorization to confined areas of the network. (this is meant in reference to making ch...As an administrator, eventually I will need fairly fine-grained control over user access and privileges, particularly to:
* [ ] limit configuration authorization to confined areas of the network. (this is meant in reference to making changes in Kea servers via Stork)
* [ ] Initially, if I can have system-wide read-only, read-write, and super user privilege levels, that would be adequate.
* [x] Read-write would include adding devices to Stork to be monitored and making most configuration changes in Stork. (it's called admin)
* [x] Super user privileges would include creating new users and giving them read-write privileges. Read-only would be for people who just have the ability to navigate the dashboard and view alerts, alarms and statistics.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/73Req - 7.6 - SRTT Information2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq - 7.6 - SRTT InformationAs a network administrator, I am curious about how BIND is choosing what server to send a query to. This is a FAQ on BIND-users and is something of a mystery to a lot of users.
I would like to see what BIND knows about authoritative serv...As a network administrator, I am curious about how BIND is choosing what server to send a query to. This is a FAQ on BIND-users and is something of a mystery to a lot of users.
I would like to see what BIND knows about authoritative servers - I want to see a list of servers for a domain and the current and historical srtt values for those servers.
Which server will BIND query for this domain and why.
Also, which servers are EDNS capable?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/72Req 7.4 - Cache cleanup2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 7.4 - Cache cleanupAs an administrator of a resolver, I want to maximize the utility of my memory allocated for cache. I need to know, what's expired in cache and still not cleaned up?As an administrator of a resolver, I want to maximize the utility of my memory allocated for cache. I need to know, what's expired in cache and still not cleaned up?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/69Req 7.2.1 - Throttling and cookies2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.2.1 - Throttling and cookiesAs an operator, I would like to know, what % of clients are avoiding RRL by providing cookies?As an operator, I would like to know, what % of clients are avoiding RRL by providing cookies?backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/68Req 7.2 - Throttling2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.2 - ThrottlingI would like to know if I am throttling traffic based on configured limits. If so, I might want to change these limits to throttle more or less.
These limits are typically designed to protect the system from being overwhelmed in case of...I would like to know if I am throttling traffic based on configured limits. If so, I might want to change these limits to throttle more or less.
These limits are typically designed to protect the system from being overwhelmed in case of a DDOS. However, sometimes the throttles are set low enough that they impact throughput unnecessarily during normal operation.
Priorities
* Fetch-limits
* clients per query
* client-quotas
* TCP quotas
* RRL
? Is this server being throttled by fetch-limits or is this zone being throttled by fetch-limits?
Log instances of crossing the thresholds where throttling kicks in, when you cross the threshold again on the way down.
Several specific problems we would like to address are:
* https://gitlab.isc.org/isc-projects/bind9/issues/665 Add "rndc fetchlimits" command to dump currently-active ADB rate-limited servers and zones
* https://gitlab.isc.org/isc-projects/bind9/issues/915 Add ability to determine frozen zones
* https://gitlab.isc.org/isc-projects/bind9/issues/1232 [ISC-support #15166] expose zone timers (reload, refresh, expire) via stats channelbackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/67Req 7.1 - Performance Troubleshooting2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 7.1 - Performance TroubleshootingAs a user, I am looking for information that should be flagged that may help understand what is limiting performance currently.
I am particularly concerned about maximizing performance of my resolver.
What are the critical resources I ...As a user, I am looking for information that should be flagged that may help understand what is limiting performance currently.
I am particularly concerned about maximizing performance of my resolver.
What are the critical resources I need to monitor, besides memory?
- [x] CPU
- [ ] threads
- [ ] sockets??
- [ ] TCP connections
- [ ] 'clients'?
what else?
What information is available on what is tying up these resources?
Quote from Cathy "What is BIND doing (while it is, eating memory, eating CPU, not responding, apparently twiddling it's thumbs or ..?)"backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/66Req 6.7 - Memory Utilization2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 6.7 - Memory UtilizationAs a user, I would like to know what named's current memory allocation being used for.
* If I am running low on available memory, I want to identify possible options for reducing memory consumption with a configuration change.
* Alterna...As a user, I would like to know what named's current memory allocation being used for.
* If I am running low on available memory, I want to identify possible options for reducing memory consumption with a configuration change.
* Alternatively, this will help me identify 'runaway' processes that are eating memory and not freeing it as part of a troubleshooting exercise.
* When I am operating a hybrid server I need to see the amount of memory being used for auth vs recursive functions.
Some of this information may be available by querying the machine rather than the service.
We may want to review what would be presented. As an operator, I am not going to benefit from really cryptic references to processes inside BIND that I cannot control or stop. However, ISC technical support might want some long list of arcane stuff that I cannot interpret.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/65Req 6.5 - Cache Details2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 6.5 - Cache DetailsAs a user I would like to see details on what is in the cache in order to determine why the cache hit ratio might be low. The purpose of displaying this data is to help guide me about configuration settings that could improve the cache e...As a user I would like to see details on what is in the cache in order to determine why the cache hit ratio might be low. The purpose of displaying this data is to help guide me about configuration settings that could improve the cache effectiveness.
Useful details would include
* cache size (memory, # of records)
* average ttl of records in cache (perhaps also min and max ttl?)
* breakdown by record type, status (valid vs expired)
* LRU of records pre-fetched
* LRU of records that expired without being re-queried
* top 500(?) records most frequently queried
* cache cleaning (how dirty is the cache)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/62Req 5.7.1 - RPZ Response Actions2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 5.7.1 - RPZ Response ActionsAs a user, I would like to investigate RPZ matches to determine or estimate the type of abuse being blocked by RPZ.
I can extrapolate the type of abuse (malware, legal filtering, etc) based on the type of RPZ action.
Report statistics ...As a user, I would like to investigate RPZ matches to determine or estimate the type of abuse being blocked by RPZ.
I can extrapolate the type of abuse (malware, legal filtering, etc) based on the type of RPZ action.
Report statistics on the type of RPZ action taken (type of action, rewrites, NXDOMAIN etc.)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/61Req 5.7.2 - RPZ Detail2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.7.2 - RPZ DetailAs a user, I would like to know how many RPZ matches are coming from *each* RPZ zone. RPZ zones are evaluated in order they are configured, so if two zones include the same filter, the 'match' will be attributed to the first RPZ listed. ...As a user, I would like to know how many RPZ matches are coming from *each* RPZ zone. RPZ zones are evaluated in order they are configured, so if two zones include the same filter, the 'match' will be attributed to the first RPZ listed.
If we can communicate this (the order of the RPZ zones and its relationship to how many answers were blocked by each zone) in the UI that would be helpful.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/60Req 5.7 - View RPZ Statistics2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.7 - View RPZ StatisticsAs an administrator I need to know how much of an impact RPZ is having.
I may be either introducing RPZ for the first time, or trialing an additional RPZ feed and attempting to evaluate how many more matches are found with the addition ...As an administrator I need to know how much of an impact RPZ is having.
I may be either introducing RPZ for the first time, or trialing an additional RPZ feed and attempting to evaluate how many more matches are found with the addition of a new zone(s). I would like to be able to report the number of possible 'bad' queries blocked to management, to justify the cost of commercial RPZ feeds.
The most basic metric is a global counter (eg. 15 minute intervals) of RPZ matches. If we just have a global counter of RPZ matches, then if the user adds a new RPZ feed, they can look to see how much that number changed by.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/58Req 5.5 - View NTAs2023-04-11T16:19:44ZVicky Riskvicky@isc.orgReq 5.5 - View NTAsAs an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* Fo...As an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* For the NTAs configured, when do they expire?
* I also want to see any 'permanent NTAs'. (zones with = validate except.)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/57Req 5.4 - Zone Signing Status2021-06-01T08:44:41ZVicky Riskvicky@isc.orgReq 5.4 - Zone Signing StatusAs an admin I want to see DNSSEC details, key information, signature validity period, when is the next key rollover, when is the next resign, and what is the zone that will be resigned next.. nsec3As an admin I want to see DNSSEC details, key information, signature validity period, when is the next key rollover, when is the next resign, and what is the zone that will be resigned next.. nsec3backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/56Req 5.3 - View Zone Status2021-06-01T08:44:40ZVicky Riskvicky@isc.orgReq 5.3 - View Zone Status"from a user ""It would be very helpful for us to have the various zone timers exposed through the statistics channel. The information is currently available through `rndc zonestatus`, but it would be far easier for us to monitor the ser..."from a user ""It would be very helpful for us to have the various zone timers exposed through the statistics channel. The information is currently available through `rndc zonestatus`, but it would be far easier for us to monitor the servers if this were accessible through the stats channel.
Our use case would be to monitor for zones approaching expiration. We'd like to use the stats channel to pull the full list of zones with the timers in one operation, and then parse the data."""backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/55Req 5.1 - Zone Transfer Impact2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.1 - Zone Transfer ImpactFrom BIND GL issue #513
As an administrator I need to determine the impact of large zone updates on operations.
I may see a drop in QPS performance and want to investigate whether this was caused by a large zone transfer. I will need t...From BIND GL issue #513
As an administrator I need to determine the impact of large zone updates on operations.
I may see a drop in QPS performance and want to investigate whether this was caused by a large zone transfer. I will need to see information that will help me identify which zone, how large it is, when it was updated, so that I can see if I can adjust the configuration to ameliorate the impact of large zone transfers.
Details
* Add metrics on the size of the IXFRs e.g. min, max and average size of IXFRs
* Add the same details to the XFR log on the master that are reported on the secondary:
* transfer of 'example.com/IN' from 127.0.0.1#7753: Transfer completed: 1 messages, 14 records, 986 bytes, 0.001 secs (986000 bytes/sec). The log on the master currently only reports that the transfer started and ended.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/54Req 5.1 View Zones List2021-06-01T08:44:42ZVicky Riskvicky@isc.orgReq 5.1 View Zones ListAs an administrator I would like to be able to browse a list of DNS zones that I am publishing, along with a bunch of information on the zone.
1. This is likely to be a very large table, with pages of data, so I would like to be able t...As an administrator I would like to be able to browse a list of DNS zones that I am publishing, along with a bunch of information on the zone.
1. This is likely to be a very large table, with pages of data, so I would like to be able to apply filters to make it more manageable.
1. I want to be able to accommodate up to 2M small zones, 2M RRs zone, 100 views.
1. I would like to be able to sort this by zone name, zone type, time of last update (this might be the default sort), zone size? signing status (signed/unsigned/expired?), #RRs.
1. This zone list should include 'dynamic', 'traditional', catalog, automatic, mirror, root hints, forward, stub, static stub zones.
1. I would like to know the zone type and permit filtering based on zone type.
1. I would like to search based on ... (?cnames?)
1. I would like to know which slaves are publishing that zone
1. I may know a zone name, or partial zone name and will want to know more about that zone.backlogMatthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.org