Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

[John Levine <johnl@iecc.com>]

>* A solution must not (should not?) require client changes to be useful;

To me this is the key issue.

If you just want something that will return similar DNS records for all
of variants of a name, the technical issues are pretty straightforward.

But as has often been noted, many protocols such as HTTP and SMTP
depend on the actual domain name, so nothing the DNS does to make
stuff "the same" will make variants of a domain name work.
Considering the number of variants that a name can have, e.g., M^N for
any name with N characters that have M variants, any approach that
provisions the HTTP and SMTP servers manually is likely to fail in
practice, since the various lists of equivalent domains will always
get out of sync.

It would not be absurd to argue that the most reasonable way to solve
the provisioning issues is for the SMTP and HTTP servers to ask the
DNS what the canonical name for an otherwise unknown name is, so those
servers are just provisioned with the canonical name and an "allow
variants" flag.

I'm pretty tight with the SMTP crowd, and I have no idea how such a
proposal would be received, although once they understand the problem,
I suspect they'd eventually agree this was the least bad option.  No
idea what HTTP and any other protocols that use the domain name would
do, but I think it's the reasonable approach.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly