Logging

Dave Sparro dsparro at gmail.com
Fri Jan 11 13:53:49 UTC 2013


On 1/8/2013 8:19 AM, Timothe Litt wrote:
> What I think would be more useful is if named actually reported the 
> issues to where they'd do some good.  Perhaps a DNS extension "I got 
> an invalid message from you" - so it shows up in the log of the server 
> (and administrator) with the problem.  (I'd worry about denial of 
> service, though if the server is in fact lame, it's not providing 
> service - at least to that zone .  Abuse of the reporting mechanism is 
> the main risk, and avoiding it would take some careful engineering.) 

 From the perspective of the service provider this line of though is 
backasswards.   It is not an "invalid message" for an authoritative 
server to tell the cache asking the question that the domain is not 
hosted here.   When a DNS hosting customer stops paying for DNS hosting 
service, their domain gets removed from the hosting providers auth servers.

It is the delegation that is wrong, not the response from the DNS server.

-- 
Dave



More information about the bind-users mailing list