[dns-operations] Error codes or next steps - was Re: DNS at FOSDEM 2016

Shane Kerr shane at time-travellers.org
Mon Feb 15 22:20:07 UTC 2016


At 2016-02-12 22:39:41 +0000
Edward Lewis <edward.lewis at icann.org> wrote:
> The above comment though might turn the problem space around.  How about
> defining codes that tell a querier to "try again" or "try later" or "try
> another server" or "try a different authority" or "give up and go home."
> That is, ultimately, what the DNS system really needs (even if it make the
> GUI folks go begging for a reason to show the user).

The DNS system doesn't need anything. The DNS system is fine. :)

But as a USER of the DNS system, I'd really like some more information
about what is failing. I don't think the idea of providing codes which
define actions makes sense, because that assumes the server has some
idea of why I am making a query and what I want to do about failure.

Honestly, whatever text eventually reaches a human being will get cut &
paste into Google... which is actually probably not a bad thing.

Basically, I like Evan's proposed approach of creating an IANA registry
of error codes, which will also include what additional data they
provide. It really needs to be something that can be more-or-less
easily extended because a lot of stuff will be missed (I just noticed
that there doesn't seem to be a code for having too many NSEC3
iterations defined, for example; also I'm not sure what would be
sent if a client had too many active queries to a server; and so on).

I wonder if we could get a Google summer of code project to go through
BIND 9 and Unbound and PowerDNS Recursor and Knot Resolver and map all
of the SERVFAIL points in the code to specific errors... :)



More information about the dns-operations mailing list