Open appliedprivacy opened 3 years ago
I don't think we will implement this in dnsdist, as it would require parsing the response which we try to avoid for performance (and feature creep) reasons. I realize it might be useful to centralize these counters when you have several backends, though., but I think it makes much more sense to have this implemented in the backend instead, as we are doing in https://github.com/PowerDNS/pdns/pull/9673.
Thanks for your explanation, understood for SERVFAIL that are simply relayed from backends, but how about SERVFAILs that dnsdist generates itself (ie. because it can not reach any backend)?
For answers generated directly from dnsdist it's a different matter and I would be glad to have that feature.
There was also some interest in being able to extend RCodeAction
to support EDE in https://github.com/PowerDNS/pdns/pull/7636, but it was for an early version of the draft.
+1 for being able to count EDE values that are produced/set by dnsdist itself by any means including those mentioned in #7636 (if fully implemented) or just for "simple" results like the backend(s) not being available, or clients being prohibited via various dynamic or static rules
it makes much more sense to have this implemented in the backend instead, as we are doing in #9673.
is there already a feature request to add EDE for backend metrics (pdns_recursor_servfail_answers
) or should we file one?
I don't think we have a feature request for EDE metrics in the recursor, no.
Short description
When looking at dnsdist prometheus metrics SERVFAIL graphs the obvious question comes up: What is the root cause behind them? A recently published RFC aims to help with that: https://datatracker.ietf.org/doc/rfc8914/ https://blog.cloudflare.com/unwrap-the-servfail/
Usecase
Better understanding of the root cause behind SERVFAILs (if EDE data is available)
Description
Would be nice if each EDE case would be counted and published in prometheus metrics individually if the information is available.
Current metrics
could be extended with a EDE label containing the codes:
ede= https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#extended-dns-error-codes
example:
In addition to those with an EDE present it would be nice to also see the amount of SERVFAIL with no EDE present.