Re: [dnsext] draft-yao-dnsext-identical-resolution-02 comment

"Vaggelis Segredakis" <> Mon, 14 February 2011 15:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2C44D3A6D71 for <>; Mon, 14 Feb 2011 07:01:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.966
X-Spam-Status: No, score=-6.966 tagged_above=-999 required=5 tests=[AWL=-0.633, BAYES_00=-2.599, GB_I_LETTER=-2, J_CHICKENPOX_55=0.6, RCVD_IN_DNSWL_MED=-4, SARE_URI_EQUALS=1.666]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GBOHwBOuWrgQ for <>; Mon, 14 Feb 2011 07:01:20 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 9CE813A6D67 for <>; Mon, 14 Feb 2011 07:01:19 -0800 (PST)
Received: from ( []) by (8.14.3/ICS-FORTH/V10-1.8-GATE) with ESMTP id p1EF1TZ6011986; Mon, 14 Feb 2011 17:01:31 +0200 (EET)
X-AuditID: 8b5b9d47-b7c88ae0000076fe-b0-4d5943c8a189
Received: from ( []) by (SMTP Outbound / FORTH / ICS) with SMTP id B8.D5.30462.9C3495D4; Mon, 14 Feb 2011 17:01:29 +0200 (EET)
Received: from Thanatos ( []) (authenticated bits=0) by (8.14.3//ICS-FORTH/V10.3.0C-EXTNULL-SSL-SASL) with ESMTP id p1EF1Rug026365 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Mon, 14 Feb 2011 17:01:27 +0200
X-ICS-AUTH-INFO: Authenticated user: segred at
From: "Vaggelis Segredakis" <>
To: "'Suzanne Woolf'" <>
References: <> <> <> <> <>
Date: Mon, 14 Feb 2011 17:05:02 +0200
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <>
thread-index: AcvMFluzhPD0gNuqQ5+rathPNkqPfwAP6Krg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
X-Brightmail-Tracker: AAAAAA==
X-j-chkmail-Score: MSGID : 4D5943C9.000 on mailgate : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
Cc:, 'Olafur Gudmundsson' <>
Subject: Re: [dnsext] draft-yao-dnsext-identical-resolution-02 comment
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Feb 2011 15:01:21 -0000

Dear Suzanne,

>The previous version of the document used your previous messages on
>Greek as an example of the "bundling" requirement, however I can't
>find any previous reference to specific problems you might have had
>with DNAME. Could you elaborate?

We have given the DNAME option to our registrants for less hassle in setting
up their DNS. Although it is OK if you just try to set, unfortunately you cannot use it to send and expect it to arrive to because<> This way, our actual assistance to the registrant is
very limited and anyone choosing not to set up a zone for each name of the
bundle gets limited operation for the rest of the bundle names. 

As I explained before, since a user expects to type a domain name with tonos
or the same domain without the tonos and end up with the same result
(remember, in Greek words are spelled with tonos in small case letters but
without in Caps) the user experience is severely damaged when this is not
happening flawlessly, as expected if the domain was in Latin. We try to find
a solution to amend this issue and we came to the conclusion that a BNAME
sort of solution is necessary.

>However, it's also been strongly argued here that there's no way to
>support "aliases" in the DNS without application support, particularly
>without introducing inconsistencies in handling of certificates and
>other objects that rely on domain names. So the tension that needs to
>be explained in the next version of the document is between the need
>for providing this kind of "help" to applications, and the challenge
>of getting them to use it.

I can understand that a number of issues would need to be sorted before such
a solution could be used. However I believe that there is a need for it.
Furthermore, there is a logical gap between CNAME and DNAME if CNAME+DNAME
cannot co-exist and we do nothing to change this.

>The thing that worries me about this is that the registry can provide
>BNAMEs, but if applications don't make use of the "sameness"
>semantics, we haven't really gained anything....

I expect it could take some time for the applications to adapt to such a
solution but I keep reminding to myself that DNAME as well took some time to
be deployed although it was a useful add-on to the DNS.

>Whether there's a meeting of DNSEXT in Prague or not, the WG version
>of this draft will ship soon so we can continue the discussion.

This is very good to know :)


Vaggelis Segredakis