FreeBSD: Install bindgraph To Make Graphs About Queries Sent To BIND

How do I install bindgraph to make pretty query statistics about my BIND server running FreeBSD Unix operating system?

Bindgraph was derived from well-known mailgraph package. It is a tool that makes pretty graphs about queries (such as A, MX, AAAA, TXT and so on) sent to your BIND name server. It will create graph for:[donotprint][/donotprint]

  1. Last Hours Graph
  2. Day Graph
  3. Week Graph
  4. Month Graph
  5. Year Graph

There are two steps to create graphs:

a] You need enable query logging under bind by updating named.conf file itself. You can log queries to /var/log/query.log file.

b] Create bindgraph.rrd database by enabling bindgraph service.

Step 1: Install bindgraph

Type the following commands to install bindgraph via the port:
# portsnap fetch update
# cd /usr/ports/dns/bindgraph/
# make install clean

Or use the following command to install binary package:
# pkg install dns/bindgraph

Step 2: Configure BIND (named) logging

Open named.conf file, enter:
# vi /etc/namedb/named.conf
Append something as follows to logging options:
channel "querylog" { file "/var/log/query.log"; print-time yes; };
category queries { querylog; };

Here is my sample logging entry:

# Configure the logging options
logging {
    channel security_channel {
        # Send log messages to the specified file
        file            "/var/log/security.log";
        # Log all messages
        severity        debug;
        # Log the date and time of the message
        print-time      yes;
        # Log the category of the message
        print-category  yes;
        # Log the severity level of the message
        print-severity  yes; 
    };
 
    channel default {
        # Send logs to the syslog 'local0' facility
        syslog          local0;
        # Log messages of severity 'info' or higher
        severity        info;
        print-category  yes;
        print-severity  yes;
    };
 
    # Logs about approval and denial of requests
    category security {
        security_channel;
        default;
    };
 
    # Ignore logs about misconfigured remote servers
    category lame-servers { null; };
 
    # Default logging options
    category default { default; };
 
   channel "querylog" { file "/var/log/query.log"; print-time yes; };
   category queries { querylog; };
};

# Configure the logging options
logging {
channel security_channel {
# Send log messages to the specified file
file "/var/log/security.log";
# Log all messages
severity debug;
# Log the date and time of the message
print-time yes;
# Log the category of the message
print-category yes;
# Log the severity level of the message
print-severity yes;
}; channel default {
# Send logs to the syslog ‘local0’ facility
syslog local0;
# Log messages of severity ‘info’ or higher
severity info;
print-category yes;
print-severity yes;
}; # Logs about approval and denial of requests
category security {
security_channel;
default;
}; # Ignore logs about misconfigured remote servers
category lame-servers { null; }; # Default logging options
category default { default; }; channel "querylog" { file "/var/log/query.log"; print-time yes; };
category queries { querylog; };
};

Save and close the file. Restart bind server, run:
# /etc/rc.d/named restart

Step 3: Configure bindgraph

Enable bindgraph service, enter:
echo 'bindgraph_enable="YES"' >> /etc/rc.conf
Finally, start bindgraph, enter:
# /usr/local/etc/rc.d/bindgraph start

Step 4: How do I view bindgrap rrd graphs?

By default Perl cgi script is installed at /usr/local/www/cgi-bin/bindgraph.cgi location. You can use the same or copy the script to your cgi-bin location. You also need to configure Apache or other web server to run Perl via cgi-bin. Once done, fire up a webbrowser and type the url
http://yourdomain.com/cgi-bin/bindgraph.cgi
OR
http://server.ip.add.ress/cgi-bin/bindgraph.cgi
You should see sample graphs:

Fig:01 BIND DNS Queries: Bindgraph In Action

Fig.02: BIND DNS Queries Day Grap

You can download the latest source code visiting this url.

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.