Re: [dnsext] SRV and wildcard CNAME

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Mon, 21 February 2011 01:49 UTC

Message-ID: <4D61C45E.7000506@necom830.hpcl.titech.ac.jp>
Date: Mon, 21 Feb 2011 10:48:14 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: Mark Andrews <marka@isc.org>
References: <20110216032120.43474.qmail@joyce.lan> <alpine.LSU.2.00.1102161143180.5244@hermes-1.csi.cam.ac.uk> <20110216212930.57D64A3F344@drugs.dv.isc.org> <4D5D24F3.70206@gis.net> <20110217231720.1FCF3A49096@drugs.dv.isc.org> <4D5E08E4.8060106@necom830.hpcl.titech.ac.jp> <AANLkTikjBvndD91q1jQeU9Q45qZyJbBs8t_wZkFezSfa@mail.gmail.com> <4D61B702.7060902@necom830.hpcl.titech.ac.jp> <20110221011731.F0FE0A6B00F@drugs.dv.isc.org>
In-Reply-To: <20110221011731.F0FE0A6B00F@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] SRV and wildcard CNAME

Mark Andrews wrote:

>> However, as the only protocol which may be used by *LAZY* users,
>> other than http, is https, it may share the same port as http,
>> if servers are implemented to distinguish them by the first
>> byte of the request.
> 
> It breaks *all* protocols that use SRV.

When the protocols used at the domain are http and https only,
nothing breaks.

Otherwise, users cannot be very lazy.

> Wildcarding a SRV record is a bad idea.

If you say so, you should also say:

	Wildcarding a CNAME record is a bad idea

to deny *YOUR* example.

>>         *.example.com  CNAME com.example.net
>>
>>         *.example.org  CNAME org.example.net
>>
>> 	com.example.net SRV  0 1 P com.server.example.net
>> 	org.example.net SRV  0 1 P org.server.example.net
>>
>> should work, even though it violates SRV specification requiring
>> "name MUST NOT be an alias".
> 
> Then you have a client that tries to use the "foo" protocol which is
> SRV aware.  The client asks for _foo._tcp.bar.example.com SRV and
> ends up being sent to the http server.

If users are less lazy, they can set up:

	_http._tcp.www.example.com SRV 0 1 P com.server.example.net

	_http._tcp.www.example.org SRV 0 1 P org.server.example.net

and a server operator sets up:

	com.server.example.net CNAME shared.server.example.net
	org.server.example.net CNAME shared.server.example.net

for name-based virtual hosting, which is no more difficult for
users than setting up:

	www.example.com CNAME shared.server.example.net

	www.example.org CNAME shared.server.example.net

						Masataka Ohta
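The two zone layouts argued over in this thread can be checked offline with a toy resolver. The following is an added example, not code from the thread or from any of its participants: it loads the records quoted above into an in-memory zone (the port placeholder "P" is replaced by 443, and the zone contents are constructed from the mail, not from any live zone), performs simplified RFC 1034/4592 wildcard synthesis and CNAME chasing, and shows what an SRV-aware client for an arbitrary protocol such as "foo" actually receives under each layout. The function and variable names are the example's own.

```python
"""Toy in-memory DNS lookup: wildcard synthesis + CNAME chasing for SRV.

Added example (not from the mailing-list thread). Zone data is constructed
from the records quoted in the mail; port 443 stands in for the "P" placeholder.
"""
from typing import Dict, List, Optional, Tuple

RRKey = Tuple[str, str]          # (owner name, RR type)
Zone = Dict[RRKey, List[str]]    # -> list of rdata strings

# Layout 1 (quoted in the thread): wildcard CNAME pointing at an SRV owner.
ZONE: Zone = {
    ("*.example.com", "CNAME"): ["com.example.net"],
    ("*.example.org", "CNAME"): ["org.example.net"],
    ("com.example.net", "SRV"): ["0 1 443 com.server.example.net"],
    ("org.example.net", "SRV"): ["0 1 443 org.server.example.net"],
}

# Layout 2 (from the reply): explicit _http._tcp SRV owners, CNAMEs at the target.
ZONE_EXPLICIT: Zone = {
    ("_http._tcp.www.example.com", "SRV"): ["0 1 443 com.server.example.net"],
    ("_http._tcp.www.example.org", "SRV"): ["0 1 443 org.server.example.net"],
    ("com.server.example.net", "CNAME"): ["shared.server.example.net"],
    ("org.server.example.net", "CNAME"): ["shared.server.example.net"],
}


def _existing_names(zone: Zone) -> set:
    """Every owner plus its ancestors (empty non-terminals count as existing)."""
    names = set()
    for owner, _ in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names


def _find(zone: Zone, name: str, rtype: str) -> List[str]:
    """Exact match first; otherwise synthesize from '*.<closest encloser>'.
    Simplified RFC 4592: a name that exists (even as an empty non-terminal)
    is never wildcard-synthesized."""
    if (name, rtype) in zone:
        return zone[(name, rtype)]
    existing = _existing_names(zone)
    if name in existing:
        return []
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in existing:            # closest encloser found
            return zone.get(("*." + encloser, rtype), [])
    return []


def resolve(zone: Zone, qname: str, qtype: str, max_chain: int = 8):
    """Resolve qname/qtype, chasing CNAMEs. Returns (owner, rdatas, cname_chain)."""
    chain: List[str] = []
    name = qname
    for _ in range(max_chain):
        rrs = _find(zone, name, qtype)
        if rrs:
            return name, rrs, chain
        cname = _find(zone, name, "CNAME")
        if not cname:
            return name, [], chain
        chain.append(name)
        name = cname[0]
    raise RuntimeError("CNAME chain too long")


def srv_lookup(zone: Zone, service: str, proto: str, domain: str) -> Optional[dict]:
    """What an SRV-aware client for <service>/<proto> at <domain> gets back."""
    qname = f"_{service}._{proto}.{domain}"
    owner, rrs, chain = resolve(zone, qname, "SRV")
    if not rrs:
        return None                      # no SRV: client falls back or fails
    _prio, _weight, port, target = rrs[0].split()
    return {
        "qname": qname,
        "answer_owner": owner,
        "via_cname": chain,              # non-empty: SRV owner reached via alias
        "port": int(port),
        "target": target,
        # RFC 2782: the SRV Target "MUST NOT be an alias"
        "target_is_alias": bool(_find(zone, target, "CNAME")),
    }


if __name__ == "__main__":
    # Layout 1: every protocol under example.com lands on the same SRV.
    for svc in ("http", "foo", "ldap"):
        r = srv_lookup(ZONE, svc, "tcp", "bar.example.com")
        print(f"wildcard  {svc:5} -> {r['target']}:{r['port']} via {r['via_cname']}")
    # Layout 2: only the explicitly published service resolves.
    for svc in ("http", "foo"):
        r = srv_lookup(ZONE_EXPLICIT, svc, "tcp", "www.example.com")
        print(f"explicit  {svc:5} -> {r and (r['target'], r['port'], r['target_is_alias'])}")
```

Under the wildcard layout the "foo" and "ldap" clients receive the same target and port as the http client, which is the outcome described in the quoted objection; under the explicit layout they receive no SRV at all, while the http answer is flagged because its target is a CNAME.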