IETF Logo Mail Archive

Re: [dnsext] Some thoughts on the updated aliasing draft

Mark Andrews <marka@isc.org> Mon, 28 March 2011 01:46 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EB58B3A6765 for <dnsext@core3.amsl.com>; Sun, 27 Mar 2011 18:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dgWD9kOyaShR for <dnsext@core3.amsl.com>; Sun, 27 Mar 2011 18:45:47 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by core3.amsl.com (Postfix) with ESMTP id 519A83A6452 for <dnsext@ietf.org>; Sun, 27 Mar 2011 18:45:47 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 0E9B8C941E; Mon, 28 Mar 2011 01:47:21 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [77.78.82.82]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 61951216C22; Mon, 28 Mar 2011 01:47:20 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 6F0F9D8E7E9; Mon, 28 Mar 2011 12:47:17 +1100 (EST)
To: John Levine <johnl@iecc.com>
From: Mark Andrews <marka@isc.org>
References: <20110327192512.90424.qmail@joyce.lan>
In-reply-to: Your message of "27 Mar 2011 19:25:12 -0000." <20110327192512.90424.qmail@joyce.lan>
Date: Mon, 28 Mar 2011 12:47:17 +1100
Message-Id: <20110328014717.6F0F9D8E7E9@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Some thoughts on the updated aliasing draft
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 01:46:22 -0000

In message <20110327192512.90424.qmail@joyce.lan>, "John Levine" writes:
> >if we're allowed by the people asking for this to require dns client
> >libraries and applications to have to be changed to handle a new kind
> >of canonicalization before they'll be able to handle the new
> >definition of "sameness" then this is a practical approach.
> 
> It seems to me that we can divide applications into two groups.  In one
> group, the client uses the name to find a server, but the name never
> appears in the data stream or only appears as a comment.  This includes
> FTP, SSH, POP, and IMAP.  Something like BNAME would be adequate to make
> names look the same to users.  I'd say these applications don't know
> what their names are.
> 
> In the other group, the domain name appears in the data stream, and
> the server does something with it beyond resolving it to an A or AAAA
> record.  The standard examples are SMTP and HTTP.  These apps do know
> what their names are, and the only alternatives I see are a great deal
> of manual provisioning, or else they learn how to check the DNS to see
> whether a hitherto unknown name in the data stream is an alias of a
> canonical name that it does know.  So, yeah, the applications will
> eventually have to change.

And SMTP had it correct for the second group.  If the SMTP client
sees the CNAME it re-writes the names in the SMTP exchange to use
the cannonical host name.  The SMTP server never see the alias.

HTTP administrators often miss use CNAME.

"www.example.net CNAME example.net" where the same content is
returned regardless of the the presense of www in the HTTP
stream is correct usage of CNAME.

If you use CNAME and you get different content then you are miss
using CNAME.  It's not being using to find the cannonical name for
the host.

Whether it is a virtual host or a name virtual host, the target of
the CNAME record is not the cannonical host name of the (named)
virtual host.  It is the hosting server for that site and that is
a very different thing.

> >From the point of view of DNS design, I'd want something that returns
> an appropriate A or AAAA for the first group, and offers a
> straightforward way for the second group to see what's an alias of
> what.
> 
> For a transition, it's still possible to configure the second group
> manually, but it'd be a lot easier if they got smarter so people
> didn't have to do so.
> 
> R's,
> John
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email