diff --git a/CHANGES b/CHANGES
index 83ff593050..f2016cf782 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
-4014. [bug] When including a master file origin_changed was
+4015. [bug] Nameservers that are skipped due to them being
+ CNAMEs were not being logged. They are now logged
+ to category 'cname' as per BIND 8. [RT #37935]
+
+4014. [bug] When including a master file origin_changed was
not being properly set leading to a potentially
spurious 'inherited owner' warning. [RT #37919]
diff --git a/bin/tests/system/resolver/ns4/root.db b/bin/tests/system/resolver/ns4/root.db
index 212f0cf11a..bd92287118 100644
--- a/bin/tests/system/resolver/ns4/root.db
+++ b/bin/tests/system/resolver/ns4/root.db
@@ -24,3 +24,4 @@ $TTL 300
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.4
+all-cnames NS cname.tld
diff --git a/bin/tests/system/resolver/ns4/tld1.db b/bin/tests/system/resolver/ns4/tld1.db
index 5f034f597a..e9930bdfe2 100644
--- a/bin/tests/system/resolver/ns4/tld1.db
+++ b/bin/tests/system/resolver/ns4/tld1.db
@@ -32,4 +32,5 @@ no-edns-version.tld. NS ns.no-edns-version.tld.
ns.no-edns-version.tld. A 10.53.0.6
edns-version.tld. NS ns.edns-version.tld.
ns.edns-version.tld. A 10.53.0.7
-
+cname CNAME ns7
+ns7 A 10.53.0.7
diff --git a/bin/tests/system/resolver/ns4/tld2.db b/bin/tests/system/resolver/ns4/tld2.db
index 338f61fbb7..24c44855b7 100644
--- a/bin/tests/system/resolver/ns4/tld2.db
+++ b/bin/tests/system/resolver/ns4/tld2.db
@@ -32,3 +32,5 @@ no-edns-version.tld. NS ns.no-edns-version.tld.
ns.no-edns-version.tld. A 10.53.0.6
edns-version.tld. NS ns.edns-version.tld.
ns.edns-version.tld. A 10.53.0.7
+cname CNAME ns7
+ns7 A 10.53.0.7
diff --git a/bin/tests/system/resolver/ns7/all-cnames.db b/bin/tests/system/resolver/ns7/all-cnames.db
new file mode 100644
index 0000000000..3b86c5b432
--- /dev/null
+++ b/bin/tests/system/resolver/ns7/all-cnames.db
@@ -0,0 +1,23 @@
+; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 300
+@ IN SOA marka.isc.org. ns.server. (
+ 2010 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+@ NS cname.tld.
diff --git a/bin/tests/system/resolver/ns7/named1.conf b/bin/tests/system/resolver/ns7/named1.conf
index 5572cf8646..6f2b655601 100644
--- a/bin/tests/system/resolver/ns7/named1.conf
+++ b/bin/tests/system/resolver/ns7/named1.conf
@@ -57,3 +57,8 @@ zone "edns-version.tld" {
type master;
file "edns-version.tld.db";
};
+
+zone "all-cnames" {
+ type master;
+ file "all-cnames.db";
+};
diff --git a/bin/tests/system/resolver/ns7/named2.conf b/bin/tests/system/resolver/ns7/named2.conf
index daebe3d0e3..30c8a5a771 100644
--- a/bin/tests/system/resolver/ns7/named2.conf
+++ b/bin/tests/system/resolver/ns7/named2.conf
@@ -57,3 +57,8 @@ zone "edns-version.tld" {
type master;
file "edns-version.tld.db";
};
+
+zone "all-cnames" {
+ type master;
+ file "all-cnames.db";
+};
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 8bde7df345..cd9f922d75 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -527,5 +527,14 @@ if test ${edns:-0} != 0; then
status=`expr $status + $ret`
fi
+n=`expr $n + 1`
+echo "I:check that CNAME nameserver is logged correctly (${n})"
+ret=0
+$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
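Review bot: The added check greps ns5/named.run for the message text only, so it would still pass if the line were emitted under a category other than `cname`; whether ns5 binds a channel to that category is not visible in this diff. To pin the behaviour CHANGES describes, ns5 could route `category cname` to a channel with `print-category yes;` and the grep could include the category prefix. The pattern is also a regular expression, so the `.` in `cname.tld` matches any character; `grep -F` would make the match literal.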
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index dd1c5090a4..398a68175b 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4355,6 +4355,17 @@ category notify { null; };
+
+
+ cname
+
+
+
+ Logs nameservers that are skipped due to them being
+ a CNAME rather than A / AAAA records.
+
+
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 8df5216f20..dfc45f26dc 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -324,6 +324,15 @@
to make it easier to diagnose problems.
+
+
+ When encountering an authoritative name server whose name is
+ an alias pointing to another name, the resolver treats
+ this as an error and skips to the next server. Previously
+ this happened silently; now the error will be logged to
+ the newly-created "cname" log category.
+
+
diff --git a/lib/dns/include/dns/log.h b/lib/dns/include/dns/log.h
index c8d0b59b89..bbaac0895d 100644
--- a/lib/dns/include/dns/log.h
+++ b/lib/dns/include/dns/log.h
@@ -44,6 +44,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[];
#define DNS_LOGCATEGORY_EDNS_DISABLED (&dns_categories[11])
#define DNS_LOGCATEGORY_RPZ (&dns_categories[12])
#define DNS_LOGCATEGORY_RRL (&dns_categories[13])
+#define DNS_LOGCATEGORY_CNAME (&dns_categories[14])
/* Backwards compatibility. */
#define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL
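Review bot: `DNS_LOGCATEGORY_CNAME` hard-codes index 14, which is correct only while `{ "cname", 0 }` stays at that position in `dns_categories[]` in lib/dns/log.c. The two hunks agree today (it follows "rate-limit" at 13), but nothing ties them together. A one-line comment above the macro block would help, e.g. `/* Indices must match the order of dns_categories[] in lib/dns/log.c. */`. A mismatch would silently file messages under the wrong category, which matters when operators route individual categories to separate channels for monitoring.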
diff --git a/lib/dns/log.c b/lib/dns/log.c
index 663d420338..56d2bfb6b7 100644
--- a/lib/dns/log.c
+++ b/lib/dns/log.c
@@ -46,6 +46,7 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
{ "edns-disabled", 0 },
{ "rpz", 0 },
{ "rate-limit", 0 },
+ { "cname", 0 },
{ NULL, 0 }
};
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 347cd70264..9af58d4976 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -2838,11 +2838,19 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
fctx->depth + 1, fctx->qc, &find);
if (result != ISC_R_SUCCESS) {
if (result == DNS_R_ALIAS) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+
/*
* XXXRTH Follow the CNAME/DNAME chain?
*/
dns_adb_destroyfind(&find);
fctx->adberr++;
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_CNAME,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
+ "skipping nameserver '%s' because it "
+ "is a CNAME, while resolving '%s'",
+ namebuf, fctx->info);
}
} else if (!ISC_LIST_EMPTY(find->list)) {
/*
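Review bot: The new `isc_log_write()` in the `DNS_R_ALIAS` branch logs at `ISC_LOG_INFO` each time it is reached, and both the nameserver name and `fctx->info` come from remote delegation data and the query being resolved. No rate limit is visible in this hunk, so a zone delegated to aliased nameserver names can presumably generate one line per fetch. Consider a debug level such as `ISC_LOG_DEBUG(1)`, or a note in the ARM entry that the `cname` category should go to a size-limited channel. The message also says "is a CNAME" although the existing comment on this branch mentions a CNAME/DNAME chain; if `DNS_R_ALIAS` also covers DNAME, wording such as `"is an alias (CNAME or DNAME), while resolving '%s'"` would be more accurate, with the grep in tests.sh updated to match. `findname()` begins and ends outside this hunk.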