ARM-9.18.5: Debug-Level for the example regarding "query-errors" is not correct documented
Summary
Regarding the current ARM (9.18.5) on page 102 (explanation about the 'The query-errors Category'), the message "fetch completed at resolver.c:..." about the detailed context information which results in SERVFAIL
should be logged in debug
level 2 or higher, but in reality, this message will only be logged with debug
level 4 or higher. See the corresponding output with debug
level 4 in BIND-9.18.5 below:
12-Aug-2022 08:47:08.225 query-errors: debug 4: fetch completed at resolver.c:5607 for dnssec-failed.org/A in 1.204014: broken trust chain/broken trust chain [domain:dnssec-failed.org,referral:1,restart:2,qrysent:1,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:1
BIND version used
9.18.5
Steps to reproduce
- Enable query-errors logging with level 2
logging {
channel query-errors {
file "/var/log/named/named.log";
severity debug 2;
print-severity yes;
print-time yes;
print-category yes;
category query-errors { query-errors; };
};
-
dig
fordnssec-failed.org
and check the output for the detailed information. Inseverity debug 2;
, the log contains only the following message and not the detailed information:
12-Aug-2022 08:57:30.971 query-errors: debug 1: client @0x7f8960a0a168 192.168.236.2#58015 (dnssec-failed.org): query failed (broken trust chain) for dnssec-failed.org/IN/A at query.c:7722
What is the current bug behavior?
Debug level information is wrong in the ARM.
What is the expected correct behavior?
The correct debug level like this:
At debug
level 4 or higher, detailed context information about recursive resolutions that resulted in SERVFAIL is logged.
The log message looks like this:
...
...