我有一个脚本可以解析某个文件中的DNS信息。代码看起来像这样,并期望转储文件中的2行实例。
nxdom_1st=`grep 'resulted in NXDOMAIN' $path_tmp/named.stats.tmp | awk '{ print $1 }' | grep -m1 ''`
nxdom_2nd=`grep 'resulted in NXDOMAIN' $path_tmp/named.stats.tmp | awk '{ print $1 }' | sort -n | grep -m1 ''`
然后,脚本中的另一个命令下面会告诉它减去结果:
if [ "$nxdom_1st" == '' ]
then
nxdomain=0
else
nxdomain=`expr $nxdom_1st - $nxdom_2nd`
问题是,转储文件最终包含4行"导致NXDOMAIN",2表示实际DNS区域,2表示来自localhost,脚本无法处理它,因此我没有得到任何结果。例如,当转储文件包含如下模式时:
[localhost.localdomain]
[155.168.192.in-addr.arpa]
20 queries resulted in NXDOMAIN
20 queries resulted in NXDOMAIN
在这个例子中," 20"导致问题的原因是它们来自查询自身的本地服务(我认为)。因此" localhost.localdomain"它始终出现在问题行之前。在服务器上我不想使用localhost禁用对自己的查询,因此如果上面的行包含[155.168.192.in-addr.arpa]或[],如何修改脚本以丢弃结果的localhost.localdomain]
以下是脚本解析的文件转储。不幸的是,现在对localhost没有任何疑问,所以你不会看到我在上面发布的内容。 localhost.localdomain和[155.168.192.in-addr.arpa]行存在,只是没有在这两个stat转储上获取任何查询。同样,只有在这两行下面列出了查询时才会出现此问题,这就是为什么我想知道是否可以修改脚本中的grep字符串以排除任何"导致NXDOMIAN"结果可能会在之后直接发生。类似的东西,"如果导致NXDOMAIN"可以看到10行以下" localhost.localdomain",忽略/丢弃等等。
--- Statistics Dump --- (1443199511)
[id.server (view: _bind)]
[authors.bind (view: _bind)]
[hostname.bind (view: _bind)]
[version.bind (view: _bind)]
[8.B.D.0.1.0.0.2.IP6.ARPA]
[B.E.F.IP6.ARPA]
[A.E.F.IP6.ARPA]
[9.E.F.IP6.ARPA]
[8.E.F.IP6.ARPA]
[D.F.IP6.ARPA]
[0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA]
[255.255.255.255.IN-ADDR.ARPA]
[113.0.203.IN-ADDR.ARPA]
[100.51.198.IN-ADDR.ARPA]
[2.0.192.IN-ADDR.ARPA]
[254.169.IN-ADDR.ARPA]
[127.IN-ADDR.ARPA]
[0.in-addr.arpa]
[1.0.0.127.in-addr.arpa]
[1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa]
[localhost]
[localhost.localdomain]
[155.168.192.in-addr.arpa]
[testdns.net]
++ Per Zone Query Statistics ++
53 UDP/IPv6 send errors
26 TCP/IPv4 connections accepted
179 UDP/IPv4 connections established
53 UDP/IPv6 socket connect failures
25 TCP/IPv4 sockets closed
53 UDP/IPv6 sockets closed
181 UDP/IPv4 sockets closed
2 TCP/IPv6 sockets opened
2 TCP/IPv4 sockets opened
54 UDP/IPv6 sockets opened
182 UDP/IPv4 sockets opened
++ Socket I/O Statistics ++
[View: _bind (Cache: _bind)]
4 NXDOMAIN
1 !DS
5 DNSKEY
6 NSEC
30 RRSIG
9 DS
42 AAAA
20 NS
75 A
[View: default]
++ Cache DB RRsets ++
[View: _bind]
20 queries with RTT 100-500ms
159 queries with RTT 10-100ms
27 DNSSEC NX validation succeeded
63 DNSSEC validation succeeded
90 DNSSEC validation attempted
2 IPv6 NS address fetch failed
17 IPv6 NS address fetches
17 IPv4 NS address fetches
52 query retries
18 NXDOMAIN received
179 IPv4 responses received
53 IPv6 queries sent
179 IPv4 queries sent
[View: default]
[Common]
++ Resolver Statistics ++
2 IPv4 notifies sent
++ Zone Maintenance Statistics ++
54 queries caused recursion
625 queries resulted in NXDOMAIN
1270 queries resulted in non authoritative answer
645 queries resulted in successful answer
1251 responses with EDNS(0) sent
1270 responses sent
1251 requests with EDNS(0) received
1270 IPv4 requests received
++ Name Server Statistics ++
[View: _bind]
16 DLV
22 DNSKEY
15 DS
39 AAAA
12 NS
128 A
[View: default]
++ Outgoing Queries ++
1270 A
++ Incoming Queries ++
1270 QUERY
++ Incoming Requests ++
+++ Statistics Dump +++ (1443199511)
--- Statistics Dump --- (1443199211)
[id.server (view: _bind)]
[authors.bind (view: _bind)]
[hostname.bind (view: _bind)]
[version.bind (view: _bind)]
[8.B.D.0.1.0.0.2.IP6.ARPA]
[B.E.F.IP6.ARPA]
[A.E.F.IP6.ARPA]
[9.E.F.IP6.ARPA]
[8.E.F.IP6.ARPA]
[D.F.IP6.ARPA]
[0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA]
[255.255.255.255.IN-ADDR.ARPA]
[113.0.203.IN-ADDR.ARPA]
[100.51.198.IN-ADDR.ARPA]
[2.0.192.IN-ADDR.ARPA]
[254.169.IN-ADDR.ARPA]
[127.IN-ADDR.ARPA]
[0.in-addr.arpa]
[1.0.0.127.in-addr.arpa]
[1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa]
**[localhost]
[localhost.localdomain]
[155.168.192.in-addr.arpa]**
[testdns.net]
++ Per Zone Query Statistics ++
53 UDP/IPv6 send errors
25 TCP/IPv4 connections accepted
172 UDP/IPv4 connections established
53 UDP/IPv6 socket connect failures
24 TCP/IPv4 sockets closed
53 UDP/IPv6 sockets closed
174 UDP/IPv4 sockets closed
2 TCP/IPv6 sockets opened
2 TCP/IPv4 sockets opened
54 UDP/IPv6 sockets opened
175 UDP/IPv4 sockets opened
++ Socket I/O Statistics ++
[View: _bind (Cache: _bind)]
4 NXDOMAIN
2 !DS
5 DNSKEY
6 NSEC
30 RRSIG
9 DS
43 AAAA
20 NS
75 A
[View: default]
++ Cache DB RRsets ++
[View: _bind]
20 queries with RTT 100-500ms
152 queries with RTT 10-100ms
24 DNSSEC NX validation succeeded
60 DNSSEC validation succeeded
84 DNSSEC validation attempted
2 IPv6 NS address fetch failed
17 IPv6 NS address fetches
17 IPv4 NS address fetches
52 query retries
16 NXDOMAIN received
172 IPv4 responses received
53 IPv6 queries sent
172 IPv4 queries sent
[View: default]
[Common]
++ Resolver Statistics ++
2 IPv4 notifies sent
++ Zone Maintenance Statistics ++
50 queries caused recursion
592 queries resulted in NXDOMAIN
1203 queries resulted in non authoritative answer
611 queries resulted in successful answer
1185 responses with EDNS(0) sent
1203 responses sent
1185 requests with EDNS(0) received
1203 IPv4 requests received
++ Name Server Statistics ++
[View: _bind]
16 DLV
21 DNSKEY
14 DS
39 AAAA
12 NS
123 A
[View: default]
++ Outgoing Queries ++
1203 A
++ Incoming Queries ++
1203 QUERY
++ Incoming Requests ++
+++ Statistics Dump +++ (1443199211)
好的,它现在正在发生,这是一个新的代码段转储文件。注意localhost.localdomain行下的查询信息:它在文件中出现两次。
[localhost.localdomain]
[155.168.192.in-addr.arpa]
1 queries resulted in NXDOMAIN
1 queries resulted in nxrrset
3 queries resulted in authoritative answer
1 queries resulted in successful answerenter code here
[localhost]
[localhost.localdomain]
[155.168.192.in-addr.arpa]
1 queries resulted in NXDOMAIN
1 queries resulted in nxrrset
3 queries resulted in authoritative answer
1 queries resulted in successful answer
基本上我需要脚本忽略这些查询,只获取我正在使用的DNS区域的查询。
答案 0 :(得分:0)
如果它一直只产生两行,那么你可以grep命令sed命令
使用grep:
grep -A 2 155.168.192.in-addr.arpa $path_tmp/named.stats.tmp
使用sed:
sed -n -e '/155.168.192.in-addr.arpa/,+2 p' $path_tmp/named.stats.tmp