DNS Statistics
You can monitor DNS statistics and extract DNS resolution information using the ACLI show dns command. To get basic DNS statistics, use either the ACLI show dns or show dns stats command. Other arguments provide more specific statistics, resolutions and information. Command strings that present DNS resolution information are covered in the ensuing sections.
Statistics information typically displayed includes:
- Queries—The number of DNS queries initiated.
- Successful—The number of DNS queries completed successfully.
- NotFound—The number of DNS queries that did not result in DNS resolution.
- TimedOut—The number of DNS queries that timed out.
Example output for show dns is presented below.
ORACLE# show dns
18:20:18-16
                                 ---Queries---- --Successful-- ---NotFound--- ---TimedOut---
DNS Intf Name  IP Address        Current Total  Current Total  Current Total  Current Total
M10:0          -
               192.168.7.132:53  1       1      0       0      0       0      1       1
               192.168.7.130:53  2       2      0       0      0       0      3       4
The high level syntax for all show dns arguments is presented below.
show dns < stats <arguments> | cache-entry <arguments> | lookup <arguments> | query <arguments> | cache-entry-eas <arguments> | cache-entry-eps <arguments> | stats-eas <arguments> | stats-eps <arguments> >
Command arguments and brief descriptions include:
- stats—Display DNS traffic statistics
- cache-entry—Look in the DNS cache for a specific entry
- lookup—Perform a DNS lookup for a specific FQDN
- query—Perform a DNS query for a specific FQDN
- cache-entry-eas—Look in the External Accounting Server DNS cache for a specific entry
- cache-entry-eps—Look in the External Policy Server DNS cache for a specific entry
- stats-eas—Display External Accounting Server DNS Statistics
- stats-eps—Display External Policy Server DNS Statistics
Each command argument supports further arguments that may or may not require additional, specific detail information, such as a specific realm name.
For example, argument syntax that applies to show dns stats includes:
- <dns-servers>—Shows statistics for all configured DNS servers on all interfaces.
- <Realm/ Intf Name>—Shows all statistics for all configured DNS servers on a specific realm or interface.
- <all>—Show per server statistics and interface statistics for a specific realm or interface.
When you extend the command with arguments, including <dns-servers>, the system expands its output to provide more detailed statistics for the applicable DNS traffic. Consider the example below.
ORACLE# show dns stats dns-servers Realm192 all
18:20:18-16
DNS Intf Name: M00:0
IP: 192.168.7.132:53
-- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Queries - - 0 15 9 -
Successful - - 0 12 9 -
NotFound - - 0 0 0 -
TimedOut - - 0 2 1 -
Bad Status - - 0 0 0 -
Other Failures - - 0 0 0 -
Truncated - - 0 1 1 -
Transactions 0 0 0 13 9 2
Cache Entries
Successful 2 2 0 41 24 26
NotFound 0 0 0 0 0 0
IP: 192.168.7.130:53
-- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Queries - - 0 5 7 -
Successful - - 0 2 7 -
NotFound - - 0 0 0 -
TimedOut - - 0 2 1 -
Bad Status - - 0 0 0 -
Other Failures - - 0 0 0 -
Truncated - - 0 1 1 -
Transactions 0 0 0 23 9 2
Cache Entries
Successful 2 2 0 4 4 6
NotFound 0 0 0 0 0 0
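The following is an added example, not Oracle code: a Python sketch that parses captured show dns stats text into per-server lifetime counters and flags servers with a high timeout ratio. The function names and the 0.25 threshold are assumptions, and the sample text is constructed from the output above.

```python
# Constructed sample, abbreviated from the "show dns stats" output above.
SAMPLE = """\
DNS Intf Name: M00:0
IP: 192.168.7.132:53
-- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Queries - - 0 15 9 -
Successful - - 0 12 9 -
TimedOut - - 0 2 1 -
Other Failures - - 0 0 0 -
Cache Entries
Successful 2 2 0 41 24 26
IP: 192.168.7.130:53
Queries - - 0 5 7 -
Successful - - 0 2 7 -
TimedOut - - 0 2 1 -
Cache Entries
Successful 2 2 0 4 4 6
"""

def parse_dns_stats(text):
    """Return {server: {counter: lifetime_total}} from 'show dns stats' text."""
    servers, current, in_cache = {}, None, False
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["IP:"]:
            current = servers.setdefault(tokens[1], {})
            in_cache = False
        elif tokens == ["Cache", "Entries"]:
            in_cache = True  # later rows reuse the names Successful/NotFound
        elif current is not None and len(tokens) >= 7 and all(
                t == "-" or t.isdigit() for t in tokens[-6:]):
            # Columns: Period Active/High/Total, then Lifetime Total/PerMax/High.
            name = ("Cache " if in_cache else "") + " ".join(tokens[:-6])
            lifetime_total = tokens[-3]
            current[name] = int(lifetime_total) if lifetime_total.isdigit() else 0
    return servers

def timeout_alerts(servers, threshold=0.25):
    """Map each server whose lifetime TimedOut/Queries ratio exceeds threshold."""
    alerts = {}
    for ip, counters in servers.items():
        queries = counters.get("Queries", 0)
        if queries and counters.get("TimedOut", 0) / queries > threshold:
            alerts[ip] = round(counters["TimedOut"] / queries, 2)
    return alerts
```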
Note:
If you have not configured DNS on the network-interface associated with that realm, the system refers to other configured realms to send out the query. The order the system uses to select alternate realms is:
- The configured dns-realm of that realm.
- The dns-realm configured in the egress-realm-id parameter under sip-config, if configured. If not configured, the system uses the egress-realm-id.
- The dns-realm of the home-realm-id within the sip-config, if configured. If not configured, the system uses the home-realm-id.
This sequence is only applicable when resolving addressing for SIP signaling purposes.
Issuing a DNS Query Without a DNS Server Configuration
You can send out a DNS query to a specific IP address, even if you have not configured that DNS server on a network-interface. The applicable syntax is:
show dns query <realm_name> < query_type_key > <domain_name> <dns_server_ip>
This allows you to use the SBC to perform an ad hoc DNS resolution lookup. The SBC does not update the cache with this resolution, and does not track the statistics associated with the lookup. When performing these lookups, the SBC first sends the query out over UDP. If the TC bit is set in the DNS response, the SBC then sends the query out over TCP.
When performing this function, the SBC ignores the dns-tcp-for-truncated-response value within the applicable realm-config.
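The UDP-first, TCP-on-truncation sequence described above, as an added Python example that is not Oracle code. The function names are hypothetical, and the two fake transports are constructed stand-ins for the network so the logic runs offline.

```python
import struct

QTYPES = {"A": 1, "AAAA": 28, "SRV": 33, "NAPTR": 35}
TC_FLAG = 0x0200  # truncation (TC) bit in the DNS header flags word

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question DNS query with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def is_truncated(response):
    """True when the TC bit is set in a DNS response header."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

def query_with_fallback(message, send_udp, send_tcp):
    """Send over UDP first; repeat over TCP only if the reply is truncated."""
    response = send_udp(message)
    if not is_truncated(response):
        return response, "udp"
    framed = send_tcp(tcp_frame(message))
    (length,) = struct.unpack("!H", framed[:2])
    return framed[2:2 + length], "tcp"

# Constructed transports: UDP replies truncated, TCP replies in full.
def fake_udp(message):
    return message[:2] + struct.pack("!H", 0x8300) + message[4:]  # QR|TC|RD

def fake_tcp(framed):
    message = framed[2:]
    return tcp_frame(message[:2] + struct.pack("!H", 0x8100) + message[4:])  # QR|RD
```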
Note:
If a DNS response is greater than 512 bytes and has the TC bit set, the SBC re-queries over the TCP connection to get the complete DNS response.
Viewing DNS Information for Specific Cache Entries
To view DNS resolution information on specific local DNS cache entries, use the show dns cache-entry command. You must include both the realm name and the entry ID as arguments to avoid receiving an error message.
Arguments that apply to show dns cache-entry include:
- <realm_id>—The exact name of the realm through which you are issuing or receiving DNS information to or from the DNS server.
- <cache_record_key>—The type of DNS record on which you are collecting or displaying DNS information, which must appear in one of the following formats:
- A for IPv4 lookup—For example, A:abc.com
- AAAA for IPv6 lookup—For example, AAAA:abc.com
- SRV for service records—For example, SRV_sip_tcp.abc.com
- NAPTR for naming authority pointers—For example, NAPTR.abc.com
A successful inquiry appears as follows:
ORACLE# show dns cache-entry Realm172 NAPTR:robert.sipp.com
DNS Result:
Query Name -->
NAPTR:robert.sipp.com
Answers -->
order=10 pref=100 "S" "SIP+D2U" "" "_sip._udp.robert.sipp.com" ttl=3243
order=10 pref=100 "S" "SIP+D2U" "" "_sip._tcp.robert.sipp.com" ttl=3243
Server: 172.16.174.200:53
The detail above applies equally to:
- The command you execute to generate an inquiry into cache entries that apply to External Accounting Servers.
show dns cache-entry-eas | <realm_id> | <cache_record_key>
- The command you execute to generate an inquiry into cache entries that apply to External Policy Servers.
show dns cache-entry-eps | <realm_id> | <cache_record_key>
When you use the SBC ACLI to send a NAPTR/SRV query to a configured DNS server IP from a configured IPv4 network interface, and the DNS server responds with both AAAA and A records, the SBC does not process and display the AAAA record. Instead, it only processes and displays the A record.
Note that, although the SBC does not process and display the DNS response with AAAA records, AAAA records are stored in cache. The internal implementation of the SBC always stores the whole response locally for processing as per design.
In contrast to the above, when you issue the same NAPTR/SRV query from the same interface to a DNS server IP that is not configured, and the DNS server responds with both AAAA and A records, the SBC processes and displays the response with both the AAAA and A records. Also, caching behavior remains the same.
DNS Queries on the Command Line
You can perform Domain Name Services (DNS) queries from the command line. Depending on your specific command syntax, positive results are added to the DNS cache.
Currently the SIP proxy agent issues DNS queries to find the Serving Call Session Control Function (S-CSCF) from a SIP INVITE or a SIP registration event. A user can perform these same DNS queries from the command line, both with and without the use of the local DNS cache. The applicable commands include show dns-lookup and show dns-query.
Show DNS Lookup
The command to first query the local DNS cache and then perform an external DNS query (if needed) is show dns lookup with the following parameters:
- <realm_name>—The exact name of the realm through which you are issuing or receiving DNS information to or from the DNS server.
- <query_type_key>—The type of DNS record on which you are collecting or displaying DNS information, including:
- A for IPv4 lookup—For example, A:abc.com
- AAAA for IPv6 lookup—For example, AAAA:abc.com
- SRV for service records—For example, SRV_sip_tcp.abc.com
- NAPTR for naming authority pointers—For example, NAPTR.abc.com
- <domain_name>—The FQDN of a station on which you are collecting or displaying DNS information.
Note:
Run the show dns lookup command from the active only. This is required when the system sends the query to the External DNS server.
Example command output is shown below.
ORACLE# show dns lookup Realm172 SRV _sip._udp.robert.sipp.com 172.16.97.10
DNS Result:
Query Name -->
SRV:_sip._udp.robert.sipp.com
Answers -->
_sip._udp.robert.sipp.com SRV 0 1 robert.sipp.com 5060 UDP ttl= 60
_sip._udp.robert.sipp.com SRV 1 1 robert1.sipp.com 5060 UDP ttl= 60
robert.sipp.com A 172.16.97.55 ttl= 60
robert1.sipp.com A 172.16.97.57 ttl= 60
robert1.sipp.com A 172.16.97.58 ttl= 60
Query time: 998 msec
Server: 172.16.97.10:53
When: 2024-01-12 08:23:41
Msg Size Rcvd: 254
Output detail includes:
- The DNS server IP that DNS cache or DNS query reflects in the response.
- The Elapsed Query Time for DNS query, if there is one.
- The Date and Time for DNS query, if there is one.
- The Message Size for DNS query, if there is one.
- Additional records and their mapping to the final IP resolution from FQDN.
- The Msg Size Rcvd: field, displaying the total response string length in bytes
- The text "cache_hit :TRUE", which the system displays if it responded to the query locally from the DNS cache
- The last DNS query sent information in the ACLI output, which the system displays if it responded to the query locally from the DNS cache
Show DNS Query
To perform a manual external DNS query with no cache lookup, issue the show dns query command with the following parameters:
- <realm_name>— Realm name to use for DNS cache lookup key
- <query_type_key>—Type of DNS query:
- A for IPv4 lookup—For example, A:abc.com
- AAAA for IPv6 lookup—For example, AAAA:abc.com
- SRV for service records—For example, SRV_sip_tcp.abc.com
- NAPTR for naming authority pointers—For example, NAPTR.abc.com
- <domain_name>— Fully qualified domain name (FQDN) of DNS name to lookup
- <server_ip_address>—The IP address of the DNS server to which you are directing this query
Note:
Run the show dns query command from the active only.
Example command output is shown below.
ORACLE# show dns query Realm172 SRV _sip._udp.robert.sipp.com 172.16.97.10
DNS Result:
Query Name -->
SRV:_sip._udp.robert.sipp.com
Answers -->
_sip._udp.robert.sipp.com SRV 0 1 robert.sipp.com 5060 UDP ttl= 60
_sip._udp.robert.sipp.com SRV 1 1 robert1.sipp.com 5060 UDP ttl= 60
robert.sipp.com A 172.16.97.55 ttl= 60
robert1.sipp.com A 172.16.97.57 ttl= 60
robert1.sipp.com A 172.16.97.58 ttl= 60
Query time: 998 msec
Server: 172.16.97.10:53
When: 2024-01-12 08:23:41
Msg Size Rcvd: 254
- The system displays all records and their mapping to the final IP resolution from FQDN.
- The system displays the date and time in system local time format.
- The system displays the Query Time for DNS query in milliseconds.
- The system displays the message size for the DNS query, if there is one.
- The system displays the DNS server IP that DNS cache or DNS query reflects in the response.
- If you run this command without the DNS server <dns_server_ip> argument, the system performs a lookup to the cache only.
- If you run this command with the DNS server <dns_server_ip> argument, the system does not perform a cache lookup. Instead, it sends the query directly to the DNS server.
- This command produces output even if there is no DNS configuration on the system.
- The Realm Interface used may or may not have the DNS configuration on that interface.
- The system does not update the local cache with the results of this command, even if the response comes from an external server.
Note:
The system does not include the traffic generated by this command in its traffic statistics output.
Note:
When you use this ACLI command to send a DNS query to a particular DNS server IP, the SBC first sends the query over UDP. If the TC bit is set in the DNS response, that is, the SBC receives a truncated response, the SBC sends the query again over TCP.
Clearing ENUM and DNS Statistics
To clear statistics for DNS, you can use additions to the ACLI reset command. Before you reset the counters, however, you might want to confirm the current statistics on the system are not zero. You can do so using the show dns command.
The reset command takes the DNS arguments to clear those sets of statistics. When you use the command, the system notifies you whether it has successfully cleared the statistics (even if the counters are zero) or if it has run into an error causing the command to fail.
You can reset all system statistics using the reset all command.
This section shows you how to clear DNS statistics. The sample below shows the error message that appears if the command fails.
To clear DNS statistics: