Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

John Levine, Wed, 16 February 2011 03:20 UTC

Date: 16 Feb 2011 03:21:20 -0000
Message-ID: <20110216032120.43474.qmail@joyce.lan>
List-Id: DNS Extensions working group discussion list <>

>* A solution must not (should not?) require client changes to be useful;

To me this is the key issue.

If you just want something that will return similar DNS records for all
of the variants of a name, the technical issues are pretty straightforward.

But as has often been noted, many protocols such as HTTP and SMTP
depend on the actual domain name, so nothing the DNS does to make
stuff "the same" will make variants of a domain name work.
Considering the number of variants that a name can have, e.g., M^N for
any name with N characters that have M variants, any approach that
provisions the HTTP and SMTP servers manually is likely to fail in
practice, since the various lists of equivalent domains will always
get out of sync.

It would not be absurd to argue that the most reasonable way to solve
the provisioning issues is for the SMTP and HTTP servers to ask the
DNS what the canonical name for an otherwise unknown name is, so those
servers are just provisioned with the canonical name and an "allow
variants" flag.

I'm pretty tight with the SMTP crowd, and I have no idea how such a
proposal would be received, although once they understand the problem,
I suspect they'd eventually agree this was the least bad option.  No
idea what HTTP and any other protocols that use the domain name would
do, but I think it's the reasonable approach.

John Levine, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail.
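
The provisioning argument in the message above, as an added example that is not part of the original message: it counts the M^N variants a manually provisioned server would have to list and contrasts that with a server holding only the canonical name and an "allow variants" flag. The variant table, the `canonical()` function (a local stand-in for the DNS query the message proposes) and the `Server` class are all assumptions made for illustration.

```python
from itertools import product

# Constructed variant table (assumption): each key is the canonical character,
# each value lists the characters treated as equivalent to it.
VARIANTS = {"a": ["a", "à", "á"], "o": ["o", "ò", "ó"]}
# Reverse map from any variant back to its canonical character.
TO_CANON = {v: c for c, vs in VARIANTS.items() for v in vs}

def canonical(name):
    """Stand-in for the canonical-name lookup the message proposes via the DNS."""
    return "".join(TO_CANON.get(ch, ch) for ch in name.lower())

def variant_count(name):
    """Number of names equivalent to `name`: M^N when N chars have M variants."""
    count = 1
    for ch in canonical(name):
        count *= len(VARIANTS.get(ch, [ch]))
    return count

def all_variants(name):
    """Enumerate every variant: the list manual provisioning would have to keep."""
    choices = [VARIANTS.get(ch, [ch]) for ch in canonical(name)]
    return {"".join(p) for p in product(*choices)}

class Server:
    """Hypothetical virtual-host table: canonical name -> allow-variants flag."""
    def __init__(self):
        self.hosts = {}

    def provision(self, name, allow_variants=False):
        self.hosts[canonical(name)] = allow_variants

    def accepts(self, requested):
        requested = requested.lower()
        if requested in self.hosts:          # the canonical name itself is always served
            return True
        canon = canonical(requested)         # otherwise unknown name: get its canonical form
        return self.hosts.get(canon, False)  # served only if that host allows variants

if __name__ == "__main__":
    srv = Server()
    srv.provision("nano.example", allow_variants=True)
    print(variant_count("nano.example"), "variants, 1 provisioned entry")
    print(srv.accepts("nànó.example"))
```

A host provisioned without the flag keeps answering only to its canonical name, so the variant decision stays per host rather than global.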