Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment
Brian Dickson <brian.peter.dickson@gmail.com> Fri, 18 February 2011 05:48 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EDAC73A69D0 for <dnsext@core3.amsl.com>; Thu, 17 Feb 2011 21:48:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ap6iPGb87GrL for <dnsext@core3.amsl.com>; Thu, 17 Feb 2011 21:48:42 -0800 (PST)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id EDBCA3A6AA7 for <dnsext@ietf.org>; Thu, 17 Feb 2011 21:48:41 -0800 (PST)
Received: by fxm9 with SMTP id 9so3560028fxm.31 for <dnsext@ietf.org>; Thu, 17 Feb 2011 21:49:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=1/jwOIMWSLGIkHMZfIx4qlDepnHC10lkWO/OgDbzOak=; b=M+WMrIoZhWJ53FeRpRK4YA5H77G8pXcaQ1PpfzwD+p0SAEAlUER/Mt2zeTzNCfDw3v IM644xE8ypvIbLY/4GIFpXcill/jGxy+HDowO/FUZ+yRk4blKFVLej3EdCpE0a/uKIuz lMKhuHYPsrEirmRrfk7jO4JFxcWBKJr8XDipE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=BxM2Q7JepthE/WsilZFdsT29/hKB6HTAzciHh2peZlRnyvJVeiUwdwWiB0SEZoBypn GPPuVK6B2QnxVGj3nteJeCFJdnTj9yjgQ72j7sJ4pwCGSb2Sjzdcswi9nC1kHtJ3AqN+ KMYGteqRoqIjxGee8xUJ4lwuGFVXB0PIaPHdE=
MIME-Version: 1.0
Received: by 10.223.73.202 with SMTP id r10mr413211faj.133.1298008140951; Thu, 17 Feb 2011 21:49:00 -0800 (PST)
Received: by 10.223.107.132 with HTTP; Thu, 17 Feb 2011 21:49:00 -0800 (PST)
In-Reply-To: <20110217231720.1FCF3A49096@drugs.dv.isc.org>
References: <20110216032120.43474.qmail@joyce.lan> <alpine.LSU.2.00.1102161143180.5244@hermes-1.csi.cam.ac.uk> <20110216212930.57D64A3F344@drugs.dv.isc.org> <4D5D24F3.70206@gis.net> <20110217231720.1FCF3A49096@drugs.dv.isc.org>
Date: Thu, 17 Feb 2011 21:49:00 -0800
Message-ID: <AANLkTi=H4GKka-K4GNuTRwTAFYo6NS_VVMWLbLXrDBZc@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Mark Andrews <marka@isc.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: John Levine <johnl@iecc.com>, dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Feb 2011 05:48:51 -0000
I think there definitely needs to be a new combination of things: RRTYPE, semantics, and API. Overloading CNAME, while attractive, is likely to cause problems. It is also limited by what CNAME permits for RDATA. Consider a generic example, where there may be multiple equivalences at multiple locations of a FQDN A.B.C.example.gr (say). Say we have A1,A2,A3, and A4 that are all meant to be "the same", and we want the "official" (canonical) name used to be A1. Similarly, B1 for B2/B3/B4, C1 for C2/C3/C4. It would be both cumbersome, and bloated, to have to put all combinations into DNS as CNAMEs. It would also be limiting to put other requirements onto how the zone structure was built (such as requiring delegations/zone cuts). Lets consider two aspects of the naming issue. First, is the "same resolution" problem - having all combinations An.Bn.Cn.example.gr resolve identically (such as with A records). (We can leave that for another day, to discuss how to do that.) Second, is having all such combinations advise the client what the "canonical" name should be, i.e. A1.B1.C1.example.gr. Having these two handled orthogonally, means there are two distinct problems. It also means that the second problem is effectively "opt-in"; it doesn't break anything that doesn't explicitly query for it or understand it. It doesn't change the semantics of existing DNS stuff. Adding a new API, call it "dns_canonicalize()", lets things that care, look up FQDNs, and get back "canonical FQDNs". Ideally, the results of "gethostbyname(FQDN)" and "gethostbyname(dns_canonicalize(FQDN))" would return the same values, but I don't think it should be a strict requirement, rather a "principal of least surprise" recommendation to zone operators. The new RRTYPE could be, for example, CLABEL. A CLABEL's RDATA would be either a "label", i.e. relative domain name, or an FQDN (ending with a "." to anchor it at the root.) So, in our example, A3.B2.C3.example.gr could be a CLABEL of "A1", meaning only the left-most label has a "canonical" preferred label. And B2.C3.example.gr could have a CLABEL of "B1", and C3.example.gr could have a CLABEL of "C1". The resolver implementing "dns_canonicalize" would start with the FQDN, and work right-to-left (top down), looking for CLABELs at each node. Any time a CLABEL is found, rewriting is done, either relative (current label), or absolute (everything to the right). So, "dns_canonicalize("A3.B2.C3.example.gr")" would proceed as: A3.B2.C3.example.gr (no CLABEL at gr) A3.B2.C3.example.gr (no CLABEL at example.gr) A3.B2.C1.example.gr (CLABEL at C3 -> C1) A3.B1.C1.example.gr (CLABEL at B2 -> B1) A1.B1.C1.example.gr (CLABEL at A3 -> A1). The extra code in a web browser would be taking what the user typed in the address bar, apply (dns_canonicalize), and use the resulting name as the correct name to open the http (or whatever) connection to the server found at the corresponding A (or AAAA) record (or whatever else gets used in figuring out where to go and what to do). I think this has good scaling properties, doesn't break anything, and is likely to be useful to those who need it. It doesn't matter if 97% of the DNS namespace doesn't have any CLABELs, IMHO, as long as the mechanism has adequate support at both the DNS protocol and the application layers. Brian P.S. Perhaps CLABELs could be included in the additional section, if QTYPE != CLABEL, to reduce delays, server load, etc. (?) On Thu, Feb 17, 2011 at 3:17 PM, Mark Andrews <marka@isc.org> wrote: > > In message <4D5D24F3.70206@gis.net>, Danny Mayer writes: >> Even if there were I'm not convinced that it would be useful since there >> is no way on the RHS to specify the path. It can give you a name, a >> port, a weight and a priority but no path. There was a proposal for a >> URL RR but I cannot find it right now and I don't think the wg is >> considering it, at least it's not on the document list. >> >> Danny > > Which can be dealt with entirely at the HTTP/S layer. > > People are using CNAME for > > site -> hosting server > > this include "www.example.net CNAME example.net". > > We need to support > > site alias -> site { -> hosting server } > > CNAME NEW-TYPE > > Additionally people are too lazy to add records for each virtual > service in the DNS so they use "* CNAME server" which makes using > SRV hard as it requires prepended labels. > > To prevent breaking existing clients that use CNAME like NEW-TYPE > client would look for NEW-TYPE and only re-write the URL there is > a CNAME and a NEW-TYPE returned. > > The CNAME would be replace by NEW-TYPE + addresses records to > help with the transition. > > This is very much like the introduction of MX records. At > some point you stop putting in address records. > > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: marka@isc.org > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext >
- Re: [dnsext] DNSEXT progress and possible meeting… Vaggelis Segredakis
- [dnsext] DNSEXT progress and possible meeting at … Olafur Gudmundsson
- Re: [dnsext] DNSEXT progress and possible meeting… Suzanne Woolf
- [dnsext] draft-yao-dnsext-identical-resolution-02… Vaggelis Segredakis
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Suzanne Woolf
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Vaggelis Segredakis
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Andrew Sullivan
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Suzanne Woolf
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Andrew Sullivan
- Re: [dnsext] draft-yao-dnsext-identical-resolutio… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… John Levine
- Re: [dnsext] we need help to make names the same,… Jay Ashworth
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… John Levine
- Re: [dnsext] we need help to make names the same,… Alex Bligh
- Re: [dnsext] we need help to make names the same,… John R. Levine
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Alex Bligh
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Lawrence Conroy
- Re: [dnsext] we need help to make names the same,… Alex Bligh
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… John R. Levine
- Re: [dnsext] we need help to make names the same,… John R. Levine
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Doug Barton
- Re: [dnsext] we need help to make names the same,… John Levine
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Niall O'Reilly
- Re: [dnsext] we need help to make names the same,… Danny Mayer
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Jay Ashworth
- Re: [dnsext] we need help to make names the same,… Jay Ashworth
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Danny Mayer
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Danny Mayer
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Brian Dickson
- [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Patrik Fältström
- Re: [dnsext] we need help to make names the same,… John R. Levine
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Patrik Fältström
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Danny Mayer
- Re: [dnsext] we need help to make names the same,… Suzanne Woolf
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Paul Vixie
- Re: [dnsext] we need help to make names the same,… Doug Barton
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Doug Barton
- Re: [dnsext] we need help to make names the same,… Mark Andrews
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Doug Barton
- Re: [dnsext] we need help to make names the same,… Eric Brunner-Williams
- Re: [dnsext] SRV and wildcard CNAME Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Jay Ashworth
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Mark Andrews
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Mark Andrews
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Larry Brower
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Phillip Hallam-Baker
- Re: [dnsext] SRV and wildcard CNAME Mark Andrews
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Masataka Ohta
- Re: [dnsext] SRV and wildcard CNAME Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Vaggelis Segredakis
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Eric Brunner-Williams
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Andrew Sullivan
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- [dnsext] bi-directionality Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Eric Brunner-Williams
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Donald Eastlake
- Re: [dnsext] we need help to make names the same,… Masataka Ohta
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Tony Finch
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Phillip Hallam-Baker
- Re: [dnsext] we need help to make names the same,… Nicholas Weaver
- Re: [dnsext] we need help to make names the same,… Eric Brunner-Williams
- Re: [dnsext] we need help to make names the same,… Alex Nicoll
- Re: [dnsext] we need help to make names the same,… Tony Finch
- [dnsext] does making names the same NEED protocol… Nicholas Weaver
- Re: [dnsext] does making names the same NEED prot… Phillip Hallam-Baker
- Re: [dnsext] does making names the same NEED prot… Nicholas Weaver
- Re: [dnsext] does making names the same NEED prot… Alex Bligh
- Re: [dnsext] does making names the same NEED prot… Suzanne Woolf
- Re: [dnsext] does making names the same NEED prot… Andrew Sullivan
- Re: [dnsext] does making names the same NEED prot… Phillip Hallam-Baker
- Re: [dnsext] does making names the same NEED prot… Tony Finch
- Re: [dnsext] does making names the same NEED prot… Alex Bligh
- Re: [dnsext] does making names the same NEED prot… Phillip Hallam-Baker
- Re: [dnsext] does making names the same NEED prot… Andrew Sullivan
- Re: [dnsext] does making names the same NEED prot… Phillip Hallam-Baker
- Re: [dnsext] does making names the same NEED prot… Tony Finch
- Re: [dnsext] does making names the same NEED prot… Michael Graff
- Re: [dnsext] does making names the same NEED prot… Nicholas Weaver
- Re: [dnsext] does making names the same NEED prot… Andrew Sullivan
- Re: [dnsext] does making names the same NEED prot… Nicholas Weaver
- Re: [dnsext] does making names the same NEED prot… Brian Dickson
- Re: [dnsext] does making names the same NEED prot… Andrew Sullivan
- Re: [dnsext] does making names the same NEED prot… Ted Hardie
- Re: [dnsext] slave signing, was does making names… John Levine
- Re: [dnsext] slave signing, was does making names… Phillip Hallam-Baker
- Re: [dnsext] slave signing, was does making names… John Levine
- Re: [dnsext] slave signing, was does making names… Phillip Hallam-Baker
- Re: [dnsext] the same in old days, was making nam… John Levine
- Re: [dnsext] slave signing, was does making names… John Levine
- Re: [dnsext] the same in old days, was making nam… Alex Bligh
- Re: [dnsext] the same in old days, was making nam… John R. Levine
- Re: [dnsext] the same in old days, was making nam… Alex Bligh
- Re: [dnsext] the same in old days, was making nam… John R. Levine
- Re: [dnsext] the same in old days, was making nam… Phillip Hallam-Baker
- Re: [dnsext] the same in old days, was making nam… Ted Hardie
- Re: [dnsext] the same in old days, was making nam… Eric Brunner-Williams
- Re: [dnsext] the same in old days, was making nam… Ted Hardie
- Re: [dnsext] the same in old days, was making nam… Eric Brunner-Williams
- [dnsext] Terminological precision (was: the same … Andrew Sullivan
- Re: [dnsext] the same in old days, was making nam… Ted Hardie
- Re: [dnsext] does making names the same NEED prot… Olafur Gudmundsson
- Re: [dnsext] the same in old days, was making nam… Doug Barton