RFC 9567: DNS Error Reporting
Recent RFCs 2024-04-26
Summary:
DNS error reporting is a lightweight reporting mechanism that
provides the operator of an authoritative server with reports on DNS
resource records that fail to resolve or validate. A domain owner or
DNS hosting organization can use these reports to improve domain
hosting. The reports are based on extended DNS errors as described in
RFC 8914.

When a domain name fails to resolve or validate due to a
misconfiguration or an attack, the operator of the authoritative
server may be unaware of this. To mitigate this lack of feedback,
this document describes a method for a validating resolver to
automatically signal an error to a monitoring agent specified by the
authoritative server. The error is encoded in the QNAME; thus, the
very act of sending the query is to report the error.
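
To make the QNAME encoding concrete, the following is an added example (not text or code from the RFC summary above) of how a resolver builds a report name and how a monitoring agent decodes and validates one. It uses the label layout RFC 9567 defines for report queries: `_er`, QTYPE, failing QNAME, extended DNS error code, `_er`, agent domain. The agent domain and all sample names are constructed values.

```python
# Added example: report-query QNAME handling for DNS error reporting.
# AGENT_DOMAIN and every name used with these functions are constructed samples.
AGENT_DOMAIN = "a01.agent-domain.example"

def _labels(name):
    """Split a presentation-format name into its non-empty labels."""
    return [l for l in name.rstrip(".").split(".") if l]

def _num(label):
    """Decimal label -> int in 0..65535, else None (rejects '', '-1', '1e3')."""
    ok = label.isascii() and label.isdigit() and int(label) <= 0xFFFF
    return int(label) if ok else None

def build_report_qname(qname, qtypes, info_code, agent_domain=AGENT_DOMAIN):
    """Resolver side: _er.<QTYPE>.<QNAME>.<INFO-CODE>._er.<agent domain>."""
    # Several QTYPEs become unique, ordered decimals joined by hyphens ("1-28").
    qtype_label = "-".join(str(t) for t in sorted(set(qtypes)))
    labels = ["_er", qtype_label, *_labels(qname), str(info_code),
              "_er", *_labels(agent_domain)]
    # Wire length: one length octet per label plus the root octet.
    if any(len(l) > 63 for l in labels) or sum(len(l) + 1 for l in labels) + 1 > 255:
        return None  # not a valid domain name, so no report can be sent
    return ".".join(labels) + "."

def parse_report_qname(report_qname, agent_domain=AGENT_DOMAIN):
    """Agent side: return (qname, qtypes, info_code), or None if malformed."""
    labels = [l.lower() for l in _labels(report_qname)]
    suffix = ["_er", *[l.lower() for l in _labels(agent_domain)]]
    # Need at least _er, QTYPE and INFO-CODE in front of the "_er.<agent>" suffix.
    if len(labels) < len(suffix) + 3 or labels[-len(suffix):] != suffix:
        return None
    body = labels[:-len(suffix)]
    if body[0] != "_er":
        return None
    qtypes = [_num(p) for p in body[1].split("-")]
    code = _num(body[-1])
    if code is None or None in qtypes:
        return None  # untrusted input: drop anything that is not plain decimal
    return ".".join(body[2:-1]) + ".", qtypes, code
```

Because the agent already knows its own domain, it strips that suffix first, so a failing QNAME that itself contains an `_er` label does not confuse the parse.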