How to Monitor and Count DNS Query Volume via WHM/SSH Before Migrating to UltraDNS


2 views

When preparing to migrate DNS services to UltraDNS, accurately measuring your current DNS query volume is crucial for capacity planning and cost estimation. On Linux servers running BIND (named), you have several technical approaches to gather this data.

For servers running BIND, the most accurate method is to enable statistics:

# In named.conf:
options {
    statistics-file "/var/named/data/named_stats.txt";
    zone-statistics yes;
};

Then reload BIND and periodically dump stats:

rndc stats
cat /var/named/data/named_stats.txt | grep "QUERY"

Enable query logging in BIND configuration:

logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};

Analyze logs with:

grep "query:" /var/log/query.log | wc -l

Install and run dnstop for immediate visibility:

yum install dnstop -y  # RHEL/CentOS
dnstop -l 5 eth0

In WHM's DNS Functions section:

  • Enable "DNS Query Logging" under Tweak Settings
  • Use "DNS Query Reporting" in Advanced mode

Create a cron job to compile daily statistics:

#!/bin/bash
DATE=$(date +%Y-%m-%d)
QUERY_COUNT=$(grep "query:" /var/log/query.log | wc -l)
echo "$DATE,$QUERY_COUNT" >> /var/log/dns_monthly.csv

For servers not running BIND, use tcpdump:

tcpdump -i eth0 -s0 -l port 53 | grep -c "A?"

Remember that:

  • DNS caching will affect query counts
  • Enable logging temporarily to avoid disk space issues
  • Filter out internal/resolver queries for accurate numbers

When preparing to migrate DNS services to a provider like UltraDNS, accurate query volume data is crucial for capacity planning and cost estimation. On Linux servers running BIND or other DNS software, you'll typically need to enable query logging first.

For BIND installations, edit named.conf:

logging {
    channel query.log {
        file "/var/log/named/query.log" versions 3 size 5m;
        severity debug 3;
        print-time yes;
    };
    category queries { query.log; };
};

Then restart BIND and analyze logs:

# rndc reload
# grep -c "query:" /var/log/named/query.log
# awk '/query:/ {print $1}' /var/log/named/query.log | sort | uniq -c | sort -nr

Install and run dnstop:

# yum install dnstop  # CentOS/RHEL
# apt install dnstop  # Debian/Ubuntu
# dnstop -l 5 eth0

This provides live query statistics including sources, types, and volumes.

For cPanel servers:

# /usr/local/cpanel/bin/dnsstats
# grep 'total queries' /var/cpanel/bandwidth.cache

Or via WHM GUI: Home > Server Status > DNS Server Statistics

After collecting data for 24-48 hours, extrapolate monthly volume:

# Calculate average daily queries from log samples
daily_avg=$(grep -c "query:" /var/log/named/query.log.1 /var/log/named/query.log | awk -F: '{sum+=$2} END {print sum/2}')

# Project monthly (30-day) volume
echo $((daily_avg * 30))
  • GoAccess for visualized log analysis
  • DNSQuerySniffer for Windows DNS servers
  • dnscap for packet-level DNS traffic capture