Re: [dnsext] Some thoughts on the updated aliasing draft
Mark Andrews <marka@isc.org> Mon, 28 March 2011 01:46 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EB58B3A6765 for <dnsext@core3.amsl.com>; Sun, 27 Mar 2011 18:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dgWD9kOyaShR for <dnsext@core3.amsl.com>; Sun, 27 Mar 2011 18:45:47 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by core3.amsl.com (Postfix) with ESMTP id 519A83A6452 for <dnsext@ietf.org>; Sun, 27 Mar 2011 18:45:47 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 0E9B8C941E; Mon, 28 Mar 2011 01:47:21 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [77.78.82.82]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 61951216C22; Mon, 28 Mar 2011 01:47:20 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 6F0F9D8E7E9; Mon, 28 Mar 2011 12:47:17 +1100 (EST)
To: John Levine <johnl@iecc.com>
From: Mark Andrews <marka@isc.org>
References: <20110327192512.90424.qmail@joyce.lan>
In-reply-to: Your message of "27 Mar 2011 19:25:12 -0000." <20110327192512.90424.qmail@joyce.lan>
Date: Mon, 28 Mar 2011 12:47:17 +1100
Message-Id: <20110328014717.6F0F9D8E7E9@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Some thoughts on the updated aliasing draft
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 01:46:22 -0000
In message <20110327192512.90424.qmail@joyce.lan>, "John Levine" writes: > >if we're allowed by the people asking for this to require dns client > >libraries and applications to have to be changed to handle a new kind > >of canonicalization before they'll be able to handle the new > >definition of "sameness" then this is a practical approach. > > It seems to me that we can divide applications into two groups. In one > group, the client uses the name to find a server, but the name never > appears in the data stream or only appears as a comment. This includes > FTP, SSH, POP, and IMAP. Something like BNAME would be adequate to make > names look the same to users. I'd say these applications don't know > what their names are. > > In the other group, the domain name appears in the data stream, and > the server does something with it beyond resolving it to an A or AAAA > record. The standard examples are SMTP and HTTP. These apps do know > what their names are, and the only alternatives I see are a great deal > of manual provisioning, or else they learn how to check the DNS to see > whether a hitherto unknown name in the data stream is an alias of a > canonical name that it does know. So, yeah, the applications will > eventually have to change. And SMTP had it correct for the second group. If the SMTP client sees the CNAME it re-writes the names in the SMTP exchange to use the cannonical host name. The SMTP server never see the alias. HTTP administrators often miss use CNAME. "www.example.net CNAME example.net" where the same content is returned regardless of the the presense of www in the HTTP stream is correct usage of CNAME. If you use CNAME and you get different content then you are miss using CNAME. It's not being using to find the cannonical name for the host. Whether it is a virtual host or a name virtual host, the target of the CNAME record is not the cannonical host name of the (named) virtual host. It is the hosting server for that site and that is a very different thing. > >From the point of view of DNS design, I'd want something that returns > an appropriate A or AAAA for the first group, and offers a > straightforward way for the second group to see what's an alias of > what. > > For a transition, it's still possible to configure the second group > manually, but it'd be a lot easier if they got smarter so people > didn't have to do so. > > R's, > John -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [dnsext] Some thoughts on the updated aliasing dr… Ted Hardie
- Re: [dnsext] Some thoughts on the updated aliasin… John Levine
- Re: [dnsext] Some thoughts on the updated aliasin… Paul Vixie
- Re: [dnsext] Some thoughts on the updated aliasin… Suzanne Woolf
- Re: [dnsext] Some thoughts on the updated aliasin… Ted Hardie
- Re: [dnsext] Some thoughts on the updated aliasin… John Levine
- Re: [dnsext] Some thoughts on the updated aliasin… Paul Vixie
- Re: [dnsext] Some thoughts on the updated aliasin… Suzanne Woolf
- Re: [dnsext] Some thoughts on the updated aliasin… John Levine
- Re: [dnsext] Some thoughts on the updated aliasin… Suzanne Woolf
- Re: [dnsext] Some thoughts on the updated aliasin… Mark Andrews
- Re: [dnsext] Some thoughts on the updated aliasin… Masataka Ohta
- Re: [dnsext] Some thoughts on the updated aliasin… John R. Levine
- Re: [dnsext] Some thoughts on the updated aliasin… Cary Karp
- Re: [dnsext] Some thoughts on the updated aliasin… Xiaodong Lee
- Re: [dnsext] Some thoughts on the updated aliasin… Paul Vixie
- Re: [dnsext] Some thoughts on the updated aliasin… Alex Bligh
- Re: [dnsext] Some thoughts on the updated aliasin… Tony Finch
- Re: [dnsext] Some thoughts on the updated aliasin… Tony Finch
- Re: [dnsext] Some thoughts on the updated aliasin… John Levine
- Re: [dnsext] Some thoughts on the updated aliasin… Douglas Otis
- Re: [dnsext] Some thoughts on the updated aliasin… Florian Weimer
- Re: [dnsext] Some thoughts on the updated aliasin… Tony Finch
- Re: [dnsext] Some thoughts on the updated aliasin… Doug Barton