[dns-operations] DNS error reporting

Petr Spacek pspacek at redhat.com
Thu Feb 11 15:45:27 UTC 2016

On 11.2.2016 12:21, Tony Finch wrote:
> Robert Edmonds <edmonds at mycre.ws> wrote:
>> But, see draft-ietf-appsawg-http-problem for a take on fixing up the
>> problem in the HTTP world, for HTTP APIs.  If JSON is used to report DNS
>> errors, there might be some ideas worth borrowing in that draft.
> If we use a URL to provide more information then we can avoid re-inventing
> HTTP. The nice thing about URLs is that the resource can provide a
> machine-readable application/problem+json response or a human-readable
> text/html response depending on accept headers.

I think that URI in response is a good idea but it cannot suffice. Most
importantly, if local recursive resolver is dead the URI with a host name will
simply not work :-)

E.g. I have seen cases where current time was incorrectly configured on the
local recursive resolver (1 year in the past, a typo ...) so even the root
zone did not validate and all queries resulted in SERVFAIL.

Also, sending human-readable texts does not really work in multi-lingual

Can we invent something which is structured enough so the end node can
translate the message for the user? Or even advise what might be wrong?

E.g. if the SERVFAIL from validator with incorrect time contained information
that validity period started 1 year and 15 days ago and ended 1 year and 5
days ago the user interface could display the information to the me and I
would not bang my head against the wall for that long.

(This was quite surprising because I was constantly looking at time and
day/month but ignored the year ... :-))

Petr Spacek  @  Red Hat

More information about the dns-operations mailing list