<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span style="font-size:12.8px">only if a servfail is generated should that </span><span style="font-size:12.8px">log message appear.</span></blockquote><div><br></div><div>It gets dicey because CNAME records can indirectly contribute to a SERVFAIL. For the hypothetical scenario, imagine a zone that has two NS records with only one targeting a CNAME record. If an intermittent routing problem causes the valid NS target to become unreachable, then no nameservers will be available.</div><div><br></div><div>This doesn't necessarily invalidate the suggestion, but it becomes necessary to log the problems with all associated nameservers at the time of the SERVFAIL. (as opposed to logging problems as they're observed)</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 30, 2015 at 1:27 PM, Paul Vixie <span dir="ltr"><<a href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Robert Edmonds wrote:<br>
<span class="">> Paul Vixie wrote:<br>
>> since every one of these log messages corresponds to an outbound<br>
>> SERVFAIL, i'd like non-expert users to be able to correlate the failures<br>
>> they see in their web browsers to log file messages on their server.<br>
><br>
</span>> Are you sure about that? ...<br>
><br>
> If I understand correctly, the "skipping nameserver ... because it is a<br>
> CNAME" log message can be generated even if no SERVFAIL is eventually<br>
> generated. That is, BIND appears to skip an NS *RR* if it points to a<br>
> CNAME, it doesn't skip the entire NS RRset.<br>
><br>
<br>
you make an excellent point. only if a servfail is generated should that<br>
log message appear.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Paul Vixie<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br>
dns-jobs</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</div></div></blockquote></div><br></div>