SoFunction
Updated on 2025-04-13

Understand server status through DNS logs

Let's interpret it line by line:
1. Dec 26 10:23:52 www named[1033]: Cleaned cache of 26 RRset   
This is the first line of each set of log information, indicating that the cache is being cleared.
Where:
Dec 26 10:23:52 indicates the log generation time
www shows the name of the machine where the DNS server is located
named[1033]: shows the DNS server process name and process ID
Cleaned cache of 26 RRset means the cache was cleared
2. Dec 26 10:23:52 www named[1033]: USAGE 977797432 976760631 CPU=6.55u/6.24s CHILD CPU=0u/0s
This line is the USAGE line, which is used to count the CPU time occupied by the DNS server.
Where:
Dec 26 10:23:52 indicates the log generation time
www shows the name of the machine where the DNS server is located
named[1033]: shows the DNS server process name and process ID
USAGE is the line marker
977797432 976760631: the difference 977797432-976760631 is the total number of seconds that the DNS server has been running.
CPU=6.55u/6.24s means that the DNS server used 6.55 seconds of CPU time in user mode and 6.24 seconds in system mode (u stands for user, s stands for system).
CHILD CPU represents the CPU usage of the DNS server's child processes.
3. Dec 26 10:23:52 www named[1033]: NSTATS 977797432 976760631 0=2 A=13192 CNAME=321 PTR=11204 MX=1173 TXT=4 AAAA=32 ANY=4956
This line is the NSTATS line, which is used to count the total number of queries received.
Where:
Dec 26 10:23:52 indicates the log generation time
www shows the name of the machine where the DNS server is located
named[1033]: shows the DNS server process name and process ID
NSTATS is the line marker
977797432 976760631: the difference 977797432-976760631 is the total number of seconds that the DNS server has been running.
0=2 represents 2 DNS queries of unknown type
A=13192 represents 13192 address queries (the most standard type)
CNAME=321 represents 321 CNAME queries (usually sent by some versions of sendmail, which use CNAME queries to canonicalize mail addresses, or by dig or nslookup)
PTR=11204 represents 11204 pointer queries (many programs use this method to look up IP addresses)
MX=1173 represents 1173 mail exchanger queries (initiated by mail senders)
TXT=4 represents 4 text queries made by applications
AAAA=32 represents 32 AAAA queries
ANY=4956 represents 4956 ANY queries, an address query method used by Sendmail
Note: The following may also appear:
NS=xx represents name server queries (for example, a name server trying to find the servers for the root domain)
SOA=xx represents update checks by secondary DNS servers
HINFO=xx represents host information queries
NSAP=xx represents queries that map a domain name to an OSI network service access point address
AXFR=xx represents zone transfers by secondary DNS servers
These did not appear in this case.
4. Dec 26 10:23:52 www named[1033]: XSTATS 977797432 976760631 RR=7629 RNXD=1368 RFwdR=4836 RDupR=51 RFail=159 RFErr=0 RErr=12 RAXFR=0 RLame=175 ROpts=0 SSysQ=2082 SAns=26234 SFwdQ=4520 SDupQ=1263 SErr=0 RQ=30889 RIQ=4 RFwdQ=0 RDupQ=259 RTCP=2 SFwdR=4836 SFail=6 SFErr=0 SNaAns=21753 SNXD=10276
This is the XSTATS line, which is used to count some other data.
Where:
Dec 26 10:23:52 indicates the log generation time
www shows the name of the machine where the DNS server is located
named[1033]: shows the DNS server process name and process ID
XSTATS is the line marker
977797432 976760631: the difference 977797432-976760631 is the total number of seconds that the DNS server has been running.
RR=7629 means a total of 7629 responses were received from other hosts (the number of responses the DNS server obtained by querying other machines or processes; it has nothing to do with RQ)
RNXD=1368 means a total of 1368 "no such domain" answers were received
RFwdR=108 means 108 responses to original queries were received
RDupR=51 means 51 duplicate responses (a response is a duplicate when the DNS server cannot find, in its pending query list, the original query that caused the response)
RFail=159 means 159 SERVFAIL (remote server error) responses were received
RFErr=0 means no FORMERR was received (FORMERR means the remote name server considers the local name server's query to be malformed)
RErr=12 means 12 errors other than SERVFAIL and FORMERR were received
RAXFR=0 means there were 0 zone transfers in total
RLame=175 means 175 lame delegations were received (meaning that some zones are delegated to other name servers, but that name server is not authoritative for the zone)
ROpts=0 means the total number of packets received with IP options is 0
SSysQ=2082 means a total of 2082 system queries were sent (system queries are queries made by the local name server itself; most of them go to the root name servers)
SAns=26234 means a total of 26234 queries were answered
SFwdQ=4520 means a total of 4520 queries could not be answered on this name server and were forwarded
SDupQ=1263 means 1263 repeated queries
SErr=0 is the total number of errors sent other than SERVFAIL and FORMERR
RQ=30889 means a total of 30889 queries were received
RIQ=4 means 4 inverse queries were received (inverse queries map addresses to names; this function is now provided by PTR. In the past, only nslookup used this query)
RFwdQ=0 means there were no queries that required further processing
RDupQ=259 means there were 259 duplicate queries
RTCP=2 means 2 queries were received over TCP connections (UDP is normally used)
SFwdR=4836 means 4836 responses from other name servers were forwarded
SFail=6 means a total of 6 SERVFAIL responses were sent
SFErr=0 is the number of FORMERR responses sent
SNaAns=21753 means a total of 21753 non-authoritative answers
SNXD=10276 means 10276 "no such domain" answers were sent
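
An added example, not part of the original article: a small parser for the NSTATS and XSTATS lines explained above. It derives the uptime from the two timestamps and a few ratios that are useful to compare between log intervals. The function names and the choice of ratios are assumptions of this example.

```python
import re

# Log lines from the article, each rejoined into a single syslog record.
PREFIX = "Dec 26 10:23:52 www named[1033]: "
SAMPLE = [
    PREFIX + "Cleaned cache of 26 RRset",
    PREFIX + "NSTATS 977797432 976760631 0=2 A=13192 CNAME=321 PTR=11204 "
             "MX=1173 TXT=4 AAAA=32 ANY=4956",
    PREFIX + "XSTATS 977797432 976760631 RR=7629 RNXD=1368 RFwdR=4836 "
             "RDupR=51 RFail=159 RFErr=0 RErr=12 RAXFR=0 RLame=175 ROpts=0 "
             "SSysQ=2082 SAns=26234 SFwdQ=4520 SDupQ=1263 SErr=0 RQ=30889 "
             "RIQ=4 RFwdQ=0 RDupQ=259 RTCP=2 SFwdR=4836 SFail=6 SFErr=0 "
             "SNaAns=21753 SNXD=10276",
]
STATS_RE = re.compile(r"named\[\d+\]: (NSTATS|XSTATS) (\d+) (\d+) (.*)")

def parse_stats(line):
    """Return (kind, uptime_seconds, counters), or None for other log lines."""
    m = STATS_RE.search(line)
    if m is None:
        return None
    kind, first, second, rest = m.groups()
    counters = {}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep and value.isdigit():  # skip malformed or truncated tokens
            counters[key] = int(value)
    return kind, int(first) - int(second), counters

def ratio(num, den):
    return num / den if den else 0.0  # an empty counter set must not divide by zero

def summarize(lines):
    """Merge the NSTATS and XSTATS records into ratios to track over time."""
    uptime, n, x = 0, {}, {}
    for kind, uptime, counters in filter(None, map(parse_stats, lines)):
        (n if kind == "NSTATS" else x).update(counters)
    total = sum(n.values())
    return {
        "uptime_seconds": uptime,
        "typed_queries": total,
        "any_share": ratio(n.get("ANY", 0), total),
        "nxdomain_sent_share": ratio(x.get("SNXD", 0), x.get("SAns", 0)),
        "servfail_recv_share": ratio(x.get("RFail", 0), x.get("RR", 0)),
        "lame_recv_share": ratio(x.get("RLame", 0), x.get("RR", 0)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The counters are totals since the server started, so comparing two intervals means subtracting the earlier record's values from the later one's before computing the ratios.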