Re: [DNSOP] new ANAME draft: draft-hunt-dnsop-aname-00.txt

Mark Andrews <marka@isc.org> Tue, 11 April 2017 20:37 UTC

To: Florian Weimer <fweimer@redhat.com>
Cc: Tony Finch <dot@dotat.at>, dnsop <dnsop@ietf.org>, Paul Wouters <paul@nohats.ca>

In message <b4663aaa-dfb2-60d5-0a59-7b6410d927e6@redhat.com>, Florian Weimer writes:
> On 04/11/2017 10:15 PM, Tony Finch wrote:
> >
> >> On 11 Apr 2017, at 20:39, Florian Weimer <fweimer@redhat.com> wrote:
> >>> On 04/11/2017 09:15 PM, Tony Finch wrote:
> >>>
> >>> That doesn't work if the web server is at 3rd party provider A but you want provider B's mail service not provider A's.
> >>
> >> I don't understand.
> >>
> >> I think it boils down to who operates the target DNS zone and how flexible they are.  It has nothing to do with who runs the web server.
> >
> > In many cases the ANAME target will be a mass web hosting provider which doesn't have any flexibility in their DNS setup.
> 
> And in order to accommodate them, we upgrade the DNS server 
> infrastructure across the Internet?
> 
> I understand that's how things work in practice, but I don't like it.
> 
> > And you still don't want CNAME pointing at MX because of the interop problems.
> 
> CNAME to MX is fine.  Isn't this what's relevant here?
> 
> Thanks,
> Florian

There are times when you want the MX of the owner of the CNAME to
be different to the target of the CNAME.  Similarly for every other
record type.

CNAME has NEVER been the correct record to point to a server for a
service.  We are here because browser vendors refuse to actually
use good practices with the DNS.  To follow best practice examples
(e.g. MX records).

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
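
The constraint behind the point about wanting a different MX at the owner of a CNAME, as an added example that is not part of the original message: a name that owns a CNAME cannot hold other data, so an MX query for it follows the alias and returns the target's MX. All names and addresses below are constructed, and the resolver is a simplified model that ignores DNSSEC record types.

```python
# Constructed zone data: (owner, type) -> list of rdata. Example names only.
ZONE = {
    ("www.example.com.", "CNAME"): ["sites.provider-a.example."],
    ("sites.provider-a.example.", "A"): ["192.0.2.10"],
    ("sites.provider-a.example.", "MX"): ["10 mail.provider-a.example."],
    # The apex has no CNAME, so it can carry its own MX (provider B).
    ("example.com.", "A"): ["192.0.2.10"],
    ("example.com.", "MX"): ["10 mx.provider-b.example."],
}


def cname_conflicts(zone):
    """Owners holding a CNAME plus any other type (forbidden by RFC 1034, 3.6.2)."""
    types_by_owner = {}
    for owner, rtype in zone:
        types_by_owner.setdefault(owner, set()).add(rtype)
    return sorted(
        owner
        for owner, types in types_by_owner.items()
        if "CNAME" in types and len(types) > 1
    )


def resolve(zone, name, rtype, max_hops=8):
    """Follow CNAMEs the way a resolver does; return (final owner, rdata list)."""
    for _ in range(max_hops):
        if rtype != "CNAME" and (name, "CNAME") in zone:
            name = zone[(name, "CNAME")][0]  # restart the query at the target
            continue
        return name, zone.get((name, rtype), [])
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    # Mail for the aliased name is handed to provider A, whatever the owner wants.
    print(resolve(ZONE, "www.example.com.", "MX"))
    # The non-aliased apex keeps its own MX at provider B.
    print(resolve(ZONE, "example.com.", "MX"))
    # Adding a local MX beside the CNAME is flagged as an invalid zone.
    bad = dict(ZONE)
    bad[("www.example.com.", "MX")] = ["10 mx.provider-b.example."]
    print(cname_conflicts(bad))
```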