[dns-operations] Cname errors?

Andrew Boling aboling at gmail.com
Wed Sep 30 18:20:11 UTC 2015

> only if a servfail is generated should that log message appear.

It gets dicey because CNAME records can indirectly contribute to a
SERVFAIL. For the hypothetical scenario, imagine a zone that has two NS
records with only one targeting a CNAME record. If an intermittent routing
problem causes the valid NS target to become unreachable, then no
nameservers will be available.

This doesn't necessarily invalidate the suggestion, but it becomes
necessary to log the problems with all associated nameservers at the time
of the SERVFAIL. (as opposed to logging problems as they're observed)

On Wed, Sep 30, 2015 at 1:27 PM, Paul Vixie <paul at redbarn.org> wrote:

> Robert Edmonds wrote:
> > Paul Vixie wrote:
> >> since every one of these log messages corresponds to an outbound
> >> SERVFAIL, i'd like non-expert users to be able to correlate the failures
> >> they see in their web browsers to log file messages on their server.
> >
> > Are you sure about that?  ...
> >
> > If I understand correctly, the "skipping nameserver ... because it is a
> > CNAME" log message can be generated even if no SERVFAIL is eventually
> > generated.  That is, BIND appears to skip an NS *RR* if it points to a
> > CNAME, it doesn't skip the entire NS RRset.
> >
> you make an excellent point. only if a servfail is generated should that
> log message appear.
> --
> Paul Vixie
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150930/a30ddca2/attachment.html>

More information about the dns-operations mailing list