From 2faff03ab65d20b8b1bab87f149535018e40af5e Mon Sep 17 00:00:00 2001
From: Kasumi Hanazuki <kasumi@rollingapple.net>
Date: Thu, 24 Aug 2023 05:24:07 +0900
Subject: [PATCH] Metrics for TLS resumes, DoH, and aggressive NSEC (#53)

Map unbound's `num.query.agressive.*` stats to `query_aggressive_nsec`
metrics. This counter tracks the number of queries that unbound
synthesised answers based on the cached NSEC records.

See https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/aggressive-nsec.html

Also add `query_tls_resume_total` and `query_https_total` metrics,
which track the number of queries received using TLS resume
and DNS-over-HTTPS transport, resp.

Fixes https://github.com/letsencrypt/unbound_exporter/issues/48
---
 unbound_exporter.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/unbound_exporter.go b/unbound_exporter.go
index 66a86b4..e699fee 100644
--- a/unbound_exporter.go
+++ b/unbound_exporter.go
@@ -154,7 +154,7 @@ var (
 			"^num\\.query\\.edns\\.present$"),
 		newUnboundMetric(
 			"query_tcp_total",
-			"Total number of queries that were made using TCP towards the Unbound server.",
+			"Total number of queries that were made using TCP towards the Unbound server, including DoT and DoH queries.",
 			prometheus.CounterValue,
 			nil,
 			"^num\\.query\\.tcp$"),
@@ -166,10 +166,22 @@ var (
 			"^num\\.query\\.tcpout$"),
 		newUnboundMetric(
 			"query_tls_total",
-			"Total number of queries that were made using TCP TLS towards the Unbound server.",
+			"Total number of queries that were made using TCP TLS towards the Unbound server, including DoT and DoH queries.",
 			prometheus.CounterValue,
 			nil,
 			"^num\\.query\\.tls$"),
+		newUnboundMetric(
+			"query_tls_resume_total",
+			"Total number of queries that were made using TCP TLS Resume towards the Unbound server.",
+			prometheus.CounterValue,
+			nil,
+			"^num\\.query\\.tls\\.resume$"),
+		newUnboundMetric(
+			"query_https_total",
+			"Total number of queries that were made using HTTPS towards the Unbound server.",
+			prometheus.CounterValue,
+			nil,
+			"^num\\.query\\.https$"),
 		newUnboundMetric(
 			"query_types_total",
 			"Total number of queries with a given query type.",
@@ -182,6 +194,12 @@ var (
 			prometheus.CounterValue,
 			nil,
 			"^num\\.query\\.udpout$"),
+		newUnboundMetric(
+			"query_aggressive_nsec",
+			"Total number of queries that the Unbound server generated response using Aggressive NSEC.",
+			prometheus.CounterValue,
+			[]string{"rcode"},
+			"^num\\.query\\.aggressive\\.(\\w+)$"),
 		newUnboundMetric(
 			"request_list_current_all",
 			"Current size of the request list, including internally generated queries.",