Citrix DNS Counters

This article contains information about the newnslog Domain Name Server (DNS) counters and its brief description.

Using the Counters

Log on to the ADC using an SSH client, change to SHELL, navigate to the /var/nslog directory, and then use the ‘nsconmsg’ command to see comprehensive statistics using the different counters available. For the detailed procedure refer to Citrix Blog – NetScaler ‘Counters’ Grab-Bag!.

DNS Counter

The following table lists the newnslog DNS counters with a simple description of the counter

Newnslog Counter

Description

dns_tot_Queries

This counter tracks the total number of DNS queries received.

dns_tot_Answers

This counter tracks the total number of DNS responses received.

dns_tot_aaaaQueries

This counter tracks the total number of AAAA queries received.

dns_tot_aaaaResponses

This counter tracks the total number of AAAA responses received.

dns_tot_aQueries

This counter tracks the total number of A queries received.

dns_tot_aResponses

This counter tracks the total number of A responses received.

dns_tot_nsQueries

This counter tracks the total number of NS queries received.

dns_tot_nsResponses

This counter tracks the total number of NS responses received.

dns_tot_mxQueries

This counter tracks the total number of MX queries received.

dns_tot_mxResponses

This counter tracks the total number of MX responses received.

dns_tot_soaQueries

This counter tracks the total number of SOA queries received.

dns_tot_soaResponses

This counter tracks the total number of SOA responses received.

dns_tot_cnameQueries

This counter tracks the total number of CNAME queries received.

dns_tot_cnameResponses

This counter tracks the total number of CNAME responses received.

dns_tot_ptrQueries

This counter tracks the total number of PTR queries received.

dns_tot_ptrResponses

This counter tracks the total number of PTR responses received.

dns_tot_srvQueries

This counter tracks the total number of SRV queries received.

dns_tot_srvResponses

This counter tracks the total number of SRV responses received.

dns_tot_anyQueries

This counter tracks the total number of ANY queries received.

dns_tot_anyResponses

This counter tracks the total number of ANY responses received.

dns_err_ResponseClassUnsupported

This counter tracks the total number of responses for which response types were unsupported.

dns_err_ResponseTypeUnsupported

This counter tracks the total number of responses for which response type requested was unsupported.

dns_tot_UnsupportedQueries

This counter tracks the total number of requests for which query type requested was unsupported.

dns_err_QueryClassUnsupported

This counter tracks the total number of queries for which query class was unsupported.

dns_err_QueryFormats

This counter tracks the total number of queries whose format was invalid.

dns_err_ResponseFormats

This counter tracks the total number of responses for which there was a format error.

dns_tot_multi_Queries

This counter tracks the total number of Multi Query request received.

dns_err_strayanswers

This counter tracks the total number of stray answers.

dns_tot_cache_flush_called

This counter tracks the total number of times cache was flushed.

dns_tot_cached_entries_flushed

This counter tracks the total number of cache entries flushed.

dns_tot_ServerQueries

This counter tracks the total number of Server queries sent.

dns_tot_ServerResponses

This counter tracks the total number of Server responses received.

dns_err_aaaaNoDomains

This counter tracks the total number of times AAAA record lookup failed.

dns_err_aNoDomains

This counter tracks the total number of times A record lookup failed.

dns_err_nsNoDomains

This counter tracks the total number of times NS record lookup failed.

dns_err_mxNoDomains

This counter tracks the total number of times MX record lookup failed.

dns_err_cnameNoDomains

This counter tracks the total number of times CNAME record lookup failed.

dns_err_soaNoDomains

This counter tracks the total number of times SOA record lookup failed.

dns_tot_aaaa_updates

This counter tracks the total number of AAAA record updates.

dns_err_ptrNoDomains

This counter tracks the total number of times PTR record lookup failed.

dns_err_srvNoDomains

This counter tracks the total number of times SRV record lookup failed.

dns_err_anyNoDomains

This counter tracks the total number of times ANY query lookup failed.

dns_tot_aaaa_updates

This counter tracks the total number of AAAA record updates.

dns_tot_a_updates

This counter tracks the total number of A record updates.

dns_tot_ns_updates

This counter tracks the total number of NS record updates.

dns_tot_mx_updates

This counter tracks the total number of MX record updates.

dns_tot_soa_updates

This counter tracks the total number of SOA record updates.

dns_tot_cname_updates

This counter tracks the total number of CNAME record updates.

dns_tot_ptr_updates

This counter tracks the total number of PTR record updates.

dns_tot_srv_updates

This counter tracks the total number of SRV record updates.

dns_tot_record_updates

This counter tracks the total number of record updates.

dns_err_multiquery_disabled

This counter tracks the total number of times a multi query was disabled and received a multi query.

dns_tot_AuthAnswers

This counter tracks the number of queries which were authoritatively answered.

dns_err_NoDomains

This counter tracks the number of queries for which no record was found.

dns_err_ResponseWithoutAnswers

This counter tracks the number of DNS responses received without answer.

dns_err_ResponseBadLength

This counter tracks the number of DNS responses received with invalid resource data length.

dns_tot_ReqRefusals

This counter tracks the number of DNS requests refused.

dns_tot_OtherErrors

This counter tracks the total number of other errors.

dnsrec_tot_queries

This counter tracks the total number of DNS queries received.

dns_tot_entries

This counter tracks the total number of DNS record entries.

dns_tot_updates

This counter tracks the total number of DNS proactive updates.

dns_tot_Resp

This counter tracks the total number of DNS server responses.

dns_tot_requests

This counter tracks the total number of DNS queries received.

dns_err_limits

This counter tracks the total number of times you have received DNS record with more entries than that you support.

dns_err_RespFormats

This counter tracks the total number of times you have received malformed responses from the backend.

dns_err_AliasExists

This counter tracks the total number of times you have received non-cname record for a domain for which an alias exists.

dns_err_NoDom

This counter tracks the total number of cache misses.

dns_cur_entries

This counter tracks the current number of DNS entries.

dns_cur_records

This counter tracks the current number of DNS Records.

Related:

  • No Related Posts

SEPM Client ‘not reporting status’

I need a solution

Hi,

Most of our clients are doing this, and some are doing ok but reporting well out-of-date definitions when it’s not true.

Checking a client that is not reporting status, we get this on the ‘Server Connection Status’ tab:

Status: Not connected
Error: HTTP error 500
Last attempted connection: 19/11/2018 13:27:35 | SERVERNAME | PORTNUMBER

The FQDN of SERVERNAME is XYZ.corp.domain.com, but we use CNAME records in DNS for our own external zone (so just domain.com). When we setup this server we created a new Management Server List that has the CNAME record of av.domain.com on HTTPS port 8444. However if we revert to the default Management Server List which is FQDN on HTTP port 8014 we get the same results.

The diagnostic tool didn’t highlight any communication errors. What else can I try.

This server also has WSUS running on port 443 (which is why we use 8444), even though the WSUS site is setup with a proper host header. Is SEPM not host header aware for us to use the default 443 for multiple sites. That’s what host headers are for.

Thanks

0

Related:

Dell EMC Unity: CIFS server is in Degraded mode and not fully functioning (Customer Correctable)

Article Number: 524889 Article Version: 2 Article Type: Break Fix



Dell EMC Unity Family

The CIFS server is in Degraded mode and not fully functioning.

1. The Security tab of file properties shows SID instead of names.

2. The CIFS server may become inaccessible.

3. EMCC4Corelogc4_safe_ktrace.log shows errors like below:

2018/08/16-20:53:04.961645 41K 7F1390BE9709 sade:KERBEROS: 3:[vdm] acquire_accept_cred: Failed to get keytab entry for principal CIFS/xxx.xxx

2018/08/16-20:53:04.961648 ~~~~ 7F1390BE9709 sade:KERBEROS: 3:[vdm] xx.xxx@xx.xxx – error No principal inkeytab matches desired name (39756033)

2018/08/16-20:53:05.477279 ~~~~ 7F1390BE9709 sade:SMB: 4:[vdm] Unsupported authentication mode: authMethod:4,kerberosSupport:1, negoMethod:0

The Host (A) entry in DNS is different from the computer name of the CIFS server, and was not added in the keytab or SPN list. For example, the computer name of the CIFS server is “example.dell.com”, but it is configured like this in DNS:

Name Type Data

example_alias Host (A) 5.6.7.8

example Alias (CNAME) example_alias.dell.com

In the output of “/nas/bin/server_cifs <vdm> -setspn -list -compname <comp_name>”, there is no SPN called “example_alias”.

There are two options;

Option 1. Make sure the Host (A) entry is identical to the computer name of the CIFS server. If the users want to access via other names, configured them as Alias (CNAME):

Name Type Data

example Host (A) 5.6.7.8

example_alias Alias (CNAME) example.dell.com

Option 2. Run “/nas/bin/server_cifs <vdm> -setspn -add <SPN> -compname <comp_name> -domain <full_domain_name> -admin <admin_name>” to add the Host (A) entry in SPN.

Related:

ITMS 8.1 Server OS Upgrade

I need a solution

Hi,

We have a stable ITMS 8.1 RU7 installation running on a virtualised Server 2008 box. The CMDB is on a physical Server 2008 box. Not surprisingly, we’d like to stop using Server 2008 so we’d like to move both onto Server 2012 or 2016. I’ve had a dig around but I can’t find a succinct description of what’s involved in what must be process that lots of us go through eventually.

If I’ve understood things right, I believe we can stop the NS, backup the DB, restore it onto a new SQL server, and then point the NS to the new DB using SIM – is that right? Is that ok even if you change the SQL version in the process? Would having a CNAME to the SQL server make this easier next time? What about if I stop the old SQL server and make the old name a CNAME to the new one? Would that make things seamless?

As far as the NS is concerned, I’ve found this excellent forum discussion:

https://www.symantec.com/connect/forums/ns-migration-new-hardware-different-hostname-and-ip

but that scenario is more complex than mine. At a push, looking at some of the comments in that, we could bring the new server up with the same hostname/ip address, but we’d still have an empty box. That thread was about 7.6 – does 8.1 make any difference? Do I just bring up the new server and point SIM at the existing DB and then migrate any packages, images etc?

Thanks in advance and sorry if there’s a brilliant article out there which I just haven’t found…

Regards

Martin

0

Related:

Working with lots of sub-domains

I do not need a solution (just sharing information)

Has anyone had the requirement to recieve mail from multiple sub-domains, and how have you configured this?

On our current platform we are able to receive anything pointed to us (resolved by the MX lookup) and can route to our exchange servers based on a match on the destination domain. For example if our domain was contoso.com we have many MX entries under the contoso.com domain in DNS like (test, help, users, etc). An incoming message to matt@test.contoso.com would resolve the MX to our server. The SMTP route then matches *.contoso.com and forwards the messages. 

At this stage it appears within Symantec.cloud I am going to have to set up many domains, one for each MX record as I cannot find a way to accept messages to the subdomains. 

0

Related:

Alias for Agent Download

I need a solution

Need help in creating an Alias for the manual Agent download page internally.  I would like my users to be able to enter http://AltirisAgent and be redirected to the /Altiris/NS/Agent/AltirisAgentDownload.aspx page. I have a CNAME created in DNS called AltirisAgent and it is directed back to SERVERNAME.domain.com but still cannot access the location. Tired adding the /altiris and /altiris/ns/agent/altirisagentdownload.aspx.  Not sure on IIS setup for this particular link.

0

Related:

Changing the host name of Endpoint Protection Management server

I need a solution

Hi everyone,

This is NOT about the procedure around Changing the host name of Endpoint Protection Management server — that works just fine and there have been multiple posts and tech notes on how to do it. The procecdure does work as described.

What I’m posting about is a post-change issue with the root certificate which as one would expect was created during the original SEPM server install under the old host name.

It appears that the SSL certificate retains the old host name even after the SEPM host name change even though there are no signs of any abnormality or defect. Everything works just fine with one exception:

One must use the old FQDN in order to hit the web GUI on SEPM (that’s the xxx:9090 web interface), doing all the CNAME and other DNS finagling does not work, the browser would not allow https unless the old FQDN is used. I’ve testtred this with Chrome and IE and simply those browsers would not allow me to load the content of the web manager.

I either get an internal server error (screen shot) or it would load but would not populate the inside of the main page.

Is there a way around this issue?

Thank you

B

0

Related:

Event ID 6532 — DNS Server Configuration

Event ID 6532 — DNS Server Configuration

Updated: November 13, 2007

Applies To: Windows Server 2008

The DNS server configuration consists of the settings that determine how the DNS server will function on a network and how those settings are stored and retrieved when they are needed.

 

Event Details

Product: Windows Operating System
ID: 6532
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_XFR_CNAME_LOOP
Message: During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 which would form an CNAME loop if accepted and used. The CNAME RR for %3 is being ignored.

Resolve
Correct the configuration file

To correct the configuration file, use a text editor (such as Notepad) to open the indicated file, which is located in %SystemRoot%\System32\Dns. Correct the line that is specified in the warning or error event message, and then restart the DNS server.

Before you change the configuration file, make a copy of the file in case it is necessary to revert to the previous version of the file.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To restart the DNS server:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, expand Roles, expand DNS Server, and then expand DNS.
  3. Right-click the DNS server, click All Tasks, and then click Restart.

Note: This problem might have been caused by errors that were introduced to the configuration file during previous attempts to edit the configuration file manually. To avoid similar problems in the future, use Server Manager or the dnscmd command to modify the configuration file.

Verify

To verify that the Domain Name System (DNS) configuration is correct, verify that all configuration settings are correct, check the event log for events that indicate continuing problems, and then verify that DNS client computers are able to resolve names properly.

To verify DNS configuration settings:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, double-click Roles, double-click DNS Server, and then double-click DNS.
  3. Right-click the DNS server, and then click Properties.
  4. Review the settings on each tab, and verify that they contain the intended values.
  5. Expand the DNS server.
  6. Expand a zone folder, right-click a zone, and then click Properties.
  7. Review the settings on each tab, and verify that they contain the intended values.
  8. Repeat steps 6 and 7 for each zone.

To verify that DNS client computers can resolve names properly:

  1. On a DNS client computer, open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type pinghostname (where hostname is the DNS name of a computer with a known IP address), and then press ENTER.

If the client can resolve the name, the ping command responds with the following message:

Pinging
hostname [ip_address]

Note: The name resolution is successful even if the ping command reports that the destination is unreachable.

If the client cannot resolve the name, the ping command responds with the following message:

Ping request could not find host
hostname

Related Management Information

DNS Server Configuration

DNS Infrastructure

Related:

Event ID 6531 — DNS Server Configuration

Event ID 6531 — DNS Server Configuration

Updated: November 25, 2009

Applies To: Windows Server 2008 R2

The DNS server configuration consists of the settings that determine how the DNS server will function on a network and how those settings are stored and retrieved when they are needed.

 

Event Details

Product: Windows Operating System
ID: 6531
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.1
Symbolic Name: DNS_EVENT_XFR_CNAME_NOT_ALONE
Message: During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 for which other records of that name were already received. When used, the CNAME RR must be the only record for its domain name. The CNAME RR for %3 will be ignored.

Resolve
Correct the configuration file

To correct the configuration file, use a text editor (such as Notepad) to open the indicated file, which is located in %SystemRoot%\System32\Dns. Correct the line that is specified in the warning or error event message, and then restart the DNS server.

Before you change the configuration file, make a copy of the file in case it is necessary to revert to the previous version of the file.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To restart the DNS server:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, expand Roles, expand DNS Server, and then expand DNS.
  3. Right-click the DNS server, click All Tasks, and then click Restart.

Note: This problem might have been caused by errors that were introduced to the configuration file during previous attempts to edit the configuration file manually. To avoid similar problems in the future, use Server Manager or the dnscmd command to modify the configuration file.

Verify

To verify that the Domain Name System (DNS) configuration is correct, verify that all configuration settings are correct, check the event log for events that indicate continuing problems, and then verify that DNS client computers are able to resolve names properly.

To verify DNS configuration settings:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, double-click Roles, double-click DNS Server, and then double-click DNS.
  3. Right-click the DNS server, and then click Properties.
  4. Review the settings on each tab, and verify that they contain the intended values.
  5. Expand the DNS server.
  6. Expand a zone folder, right-click a zone, and then click Properties.
  7. Review the settings on each tab, and verify that they contain the intended values.
  8. Repeat steps 6 and 7 for each zone.

To verify that DNS client computers can resolve names properly:

  1. On a DNS client computer, open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type pinghostname (where hostname is the DNS name of a computer with a known IP address), and then press ENTER.

If the client can resolve the name, the ping command responds with the following message:

Pinging
hostname [ip_address]

Note: The name resolution is successful even if the ping command reports that the destination is unreachable.

If the client cannot resolve the name, the ping command responds with the following message:

Ping request could not find host
hostname

Related Management Information

DNS Server Configuration

DNS Infrastructure

Related:

Event ID 6530 — DNS Server Configuration

Event ID 6530 — DNS Server Configuration

Updated: November 13, 2007

Applies To: Windows Server 2008

The DNS server configuration consists of the settings that determine how the DNS server will function on a network and how those settings are stored and retrieved when they are needed.

 

Event Details

Product: Windows Operating System
ID: 6530
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_XFR_ADD_RR_AT_CNAME
Message: During transfer of zone %1 from master at %2, the DNS server received a resource record (RR) for domain node %3 at which an CNAME (alias) RR was already received. When used, the CNAME RR must be the only record for its domain name. The CNAME RR for %3 will be ignored.

Resolve
Correct the configuration file

To correct the configuration file, use a text editor (such as Notepad) to open the indicated file, which is located in %SystemRoot%\System32\Dns. Correct the line that is specified in the warning or error event message, and then restart the DNS server.

Before you change the configuration file, make a copy of the file in case it is necessary to revert to the previous version of the file.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To restart the DNS server:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, expand Roles, expand DNS Server, and then expand DNS.
  3. Right-click the DNS server, click All Tasks, and then click Restart.

Note: This problem might have been caused by errors that were introduced to the configuration file during previous attempts to edit the configuration file manually. To avoid similar problems in the future, use Server Manager or the dnscmd command to modify the configuration file.

Verify

To verify that the Domain Name System (DNS) configuration is correct, verify that all configuration settings are correct, check the event log for events that indicate continuing problems, and then verify that DNS client computers are able to resolve names properly.

To verify DNS configuration settings:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, double-click Roles, double-click DNS Server, and then double-click DNS.
  3. Right-click the DNS server, and then click Properties.
  4. Review the settings on each tab, and verify that they contain the intended values.
  5. Expand the DNS server.
  6. Expand a zone folder, right-click a zone, and then click Properties.
  7. Review the settings on each tab, and verify that they contain the intended values.
  8. Repeat steps 6 and 7 for each zone.

To verify that DNS client computers can resolve names properly:

  1. On a DNS client computer, open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type pinghostname (where hostname is the DNS name of a computer with a known IP address), and then press ENTER.

If the client can resolve the name, the ping command responds with the following message:

Pinging
hostname [ip_address]

Note: The name resolution is successful even if the ping command reports that the destination is unreachable.

If the client cannot resolve the name, the ping command responds with the following message:

Ping request could not find host
hostname

Related Management Information

DNS Server Configuration

DNS Infrastructure

Related: