BIND DNS query log analysis with histogram
Back in December 2010, Evan Hoffman's blog described a basic BIND DNS query log parser: http://www.evanhoffman.com/evan/2010/12/13/more-fun-parsing-bind-query-logs/
The problem with his version was that it did not work for zones that contain views. These days, it is quite common to run DNS with external and internal views. Here is an extract from a typical log file (lines wrapped for readability):
07-May-2014 20:09:40.620 client 203.18.150.1#18149: view external-view: query: gw.mydomain.dom IN A - EDC (192.168.1.250)
07-May-2014 20:12:44.692 client 218.208.159.2#58612: view external-view: query: www.mydomain.dom IN AAAA - (192.168.0.250)
07-May-2014 20:16:48.138 client 127.0.0.1#39660: view internal-view: query: 204.57.215.106.in-addr.arpa IN PTR + (127.0.0.1)

I modified and updated Evan's script because my own DNS uses external and internal views:
https://www.circlingcycle.com.au/Unix-sources/bind-qps-calc.pl.txt
What does the script report? Here is an example from the report:
First line: 0 date Wed May 7 20:09:40 2014
Last line: 7352 date Fri May 9 15:37:36 2014
Query rate for 156476 seconds: 0.05 per second

Resource Record Summary:
A records queried 5387 times
A6 records queried 3 times
AAAA records queried 227 times
ANY records queried 19 times
DNSKEY records queried 5 times
IXFR records queried 1 times
MX records queried 562 times
NS records queried 24 times
PTR records queried 910 times
SOA records queried 107 times
SPF records queried 6 times
SRV records queried 9 times
TXT records queried 92 times

Queries Per Second (QPS) Summary:
2014-05-07 20:00 to 20:59 => 441, rate 0.12 queries/sec **********
2014-05-07 21:00 to 21:59 => 230, rate 0.06 queries/sec *******
2014-05-07 22:00 to 22:59 => 575, rate 0.16 queries/sec *************
2014-05-07 23:00 to 23:59 => 140, rate 0.04 queries/sec *****
2014-05-08 00:00 to 00:59 => 187, rate 0.05 queries/sec ******
2014-05-08 01:00 to 01:59 => 66, rate 0.02 queries/sec **
2014-05-08 02:00 to 02:59 => 33, rate 0.01 queries/sec *
2014-05-08 03:00 to 03:59 => 39, rate 0.01 queries/sec **
2014-05-08 04:00 to 04:59 => 39, rate 0.01 queries/sec **
2014-05-08 05:00 to 05:59 => 57, rate 0.02 queries/sec **
2014-05-08 06:00 to 06:59 => 49, rate 0.01 queries/sec **
2014-05-08 07:00 to 07:59 => 23, rate 0.01 queries/sec *
2014-05-08 08:00 to 08:59 => 273, rate 0.08 queries/sec *********
2014-05-08 09:00 to 09:59 => 259, rate 0.07 queries/sec ********
...
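The same parsing in Python, as an added example that is not the Perl script linked above: it accepts query lines with or without a "view NAME:" field, counts record types and buckets queries per hour like the report. The regex, the constructed sample log lines and the one-star-per-50-queries scale are this example's own assumptions.

```python
import re
import sys
from collections import Counter
from datetime import datetime
# Matches query lines with or without a "view NAME:" field. The optional "@0x..."
# handle and "(name)" after the port are an assumption for newer BIND releases.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?:@0x[0-9a-f]+ )?'
    r'(?P<client>[^#\s]+)#\d+(?: \([^)]*\))?: (?:view (?P<view>\S+): )?'
    r'query: (?P<name>\S+) (?P<class>\S+) (?P<type>\S+) (?P<flags>[-+]\s?[A-Z]*)\s*'
    r'\((?P<server>[^)]+)\)')
# Constructed sample, modelled on the post's extract; the last line has no view.
SAMPLE_LOG = """\
07-May-2014 20:09:40.620 client 203.18.150.1#18149: view external-view: query: gw.mydomain.dom IN A -EDC (192.168.1.250)
07-May-2014 20:12:44.692 client 218.208.159.2#58612: view external-view: query: www.mydomain.dom IN AAAA - (192.168.0.250)
07-May-2014 20:16:48.138 client 127.0.0.1#39660: view internal-view: query: 204.57.215.106.in-addr.arpa IN PTR + (127.0.0.1)
07-May-2014 21:03:01.000 client 10.0.0.5#5353: query: mail.mydomain.dom IN MX + (192.168.0.250)
"""

def parse(lines):
    """Yield (timestamp, view, record type, client) for each well-formed query line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # non-query lines (errors, other categories) are skipped, not fatal
        ts = datetime.strptime(m.group('ts'), '%d-%b-%Y %H:%M:%S')
        yield ts, m.group('view') or 'default', m.group('type'), m.group('client')

def summarise(lines):
    """Return (per-type counts, per-hour counts, overall queries/sec) as in the report."""
    by_type, by_hour = Counter(), Counter()
    first = last = None
    for ts, _view, rtype, _client in parse(lines):
        by_type[rtype] += 1
        by_hour[ts.strftime('%Y-%m-%d %H:00 to %H:59')] += 1
        first = first or ts
        last = ts
    span = (last - first).total_seconds() if first else 0
    return by_type, by_hour, (sum(by_type.values()) / span if span else 0.0)

def histogram(by_hour, per_star=50):
    """One star per `per_star` queries in the hour (the scale is this example's choice)."""
    return [f"{hour} => {n}, rate {n / 3600:.2f} queries/sec {'*' * max(1, n // per_star)}"
            for hour, n in sorted(by_hour.items())]

if __name__ == '__main__':
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    types, hours, rate = summarise(src)
    print(*(f"{t} records queried {n} times" for t, n in sorted(types.items())), sep='\n')
    print(f"Query rate: {rate:.2f} per second", *histogram(hours), sep='\n')
```

Run it with a query log path as the only argument, or with no argument to process the embedded sample.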