[dns-operations] Cname errors?

Paul Vixie paul at redbarn.org
Wed Sep 30 14:53:24 UTC 2015



Shane Kerr wrote:
> ...
>
> I may misunderstand the message, but it seems like something that gets
> logged by a resolver when someone has configured their zone improperly
> on the authority side. (Apologies if I misunderstand the message!)

there's no misunderstanding.

> If this is the case, then it should be off by default. I'll say it
> again: filling my logs with something that I can't fix seems like a big
> waste of everybody's time.

while i agree with you that it ought to be possible to turn off the
logging, i disagree as to the ideal default. our disagreement should not
matter, because these servers should be run by experts, who should be
looking at every possible config knob and every default setting, before
they go live. so what we're disagreeing about is what should non-expert
users see due to a default log setting they don't override.

> ...
>
> Also, regarding Mark's characterization of this being disabled as a bug
> because it was on in BIND 8... given that BIND 8 was EOL'd more than 8
> years ago I don't think we need to consider behavior changes from BIND
> 8 as a bug anymore. Probably any differences should be considered
> improvements.

no. bind8 was not wrong in this way, and in other ways, that bind9 still
doesn't get right.

> But perhaps BIND 9 should add the "--internet-busybody" option for
> people who have time to go around letting other administrators know
> that the network is not configured to their liking? ;)

you're an expert. override the defaults you don't like.

since every one of these log messages corresponds to an outbound
SERVFAIL, i'd like non-expert users to be able to correlate the failures
they see in their web browsers to log file messages on their server.


-- 
Paul Vixie


