Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex

Paul Vixie <paul@redbarn.org> Mon, 25 June 2018 17:00 UTC

Message-ID: <5B311FB1.3040304@redbarn.org>
Date: Mon, 25 Jun 2018 10:00:33 -0700
From: Paul Vixie <paul@redbarn.org>
To: Tony Finch <dot@dotat.at>
CC: Paul Wouters <paul@nohats.ca>, dnsop <dnsop@ietf.org>
References: <CAJhMdTO2kj+nUqESg3ew=wwZuB9OzkJE6pST=mae7pHiEk4-Qw@mail.gmail.com> <20180619190213.B76962846E19@ary.qy> <20180622182752.GA83312@isc.org> <af9b422a-90a0-b204-70d6-12566d7b65dc@bellis.me.uk> <alpine.DEB.2.11.1806251459510.916@grey.csi.cam.ac.uk> <alpine.LRH.2.21.1806251104490.18905@bofh.nohats.ca> <alpine.DEB.2.11.1806251637060.916@grey.csi.cam.ac.uk> <alpine.LRH.2.21.1806251240410.32227@bofh.nohats.ca> <alpine.DEB.2.11.1806251756120.916@grey.csi.cam.ac.uk>
In-Reply-To: <alpine.DEB.2.11.1806251756120.916@grey.csi.cam.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7WYRfHmlSzHZoh4TEOI2HrkgoB0>
Subject: Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex


Tony Finch wrote:
> Paul Wouters <paul@nohats.ca> wrote:
>> I understand, I just disagree this is the right way. I don't see why
>> this entire problem shouldn't be resolved at the, well, resolver level.
>
> I don't see how that can be deployed in a way that is compatible with
> existing software.

There are now a half dozen x.x.x.x (where x is the same in all four octets) public anycast resolvers. If they can all be upgraded to handle DNSSEC or ECS, they can all be upgraded to handle something like ANAME.

The "resolver" here is the recursive, not the stub. Stubs believe what they hear, for good or ill. If we need to change what they hear, it's not as impossible as changing what they understand.

-- 
P Vixie
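An added example, written for this page and not taken from the thread or from any participant's software, of the split Vixie is drawing: the recursive resolver is the piece that changes, the stub is not. The zone contents, the names (example.com., lb.cdn.example.) and the addresses are constructed (RFC 5737 / RFC 3849 documentation ranges), and the ANAME handling is a deliberately simplified version of the draft's idea (substitute the target's A/AAAA records at the owner name, TTL capped by the ANAME's own TTL); the function names are this example's own. It also includes the RFC 1034 / RFC 2181 "CNAME cannot coexist with other data" check that explains why a plain CNAME at the apex, which always carries SOA and NS, has never been legal.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class RR:
    """One resource record: owner name (fully qualified), type, TTL, rdata."""
    name: str
    rtype: str
    ttl: int
    rdata: str


# Constructed authoritative data (assumption: two zones, documentation
# addresses from RFC 5737 / RFC 3849). "ANAME" is treated as a pointer whose
# target's address records get substituted at the owner name.
AUTH: Dict[str, List[RR]] = {
    "example.com.": [
        RR("example.com.", "SOA", 3600,
           "ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 300"),
        RR("example.com.", "NS", 3600, "ns1.example.com."),
        RR("example.com.", "MX", 3600, "10 mail.example.com."),
        RR("example.com.", "ANAME", 3600, "lb.cdn.example."),
        # Sibling fallback address: what a legacy recursive is handed.
        RR("example.com.", "A", 60, "192.0.2.250"),
    ],
    "cdn.example.": [
        RR("lb.cdn.example.", "A", 30, "203.0.113.10"),
        RR("lb.cdn.example.", "A", 30, "203.0.113.11"),
        RR("lb.cdn.example.", "AAAA", 30, "2001:db8::10"),
    ],
}


def zone_for(name: str) -> str:
    """Longest-suffix match of an owner name against the zones in AUTH."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in AUTH:
            return candidate
    raise KeyError(f"no zone for {name}")


def auth_lookup(name: str, rtype: str) -> List[RR]:
    """What the authoritative server answers for (name, rtype)."""
    return [rr for rr in AUTH[zone_for(name)]
            if rr.name == name and rr.rtype == rtype]


def cname_conflicts(rrs: List[RR]) -> List[str]:
    """Owner names holding a CNAME next to other data, which RFC 1034 s3.6.2
    and RFC 2181 s10.1 forbid. An apex always carries SOA and NS, so a plain
    CNAME there is never legal; that constraint is what ANAME works around."""
    types_by_name: Dict[str, set] = {}
    for rr in rrs:
        types_by_name.setdefault(rr.name, set()).add(rr.rtype)
    return sorted(n for n, t in types_by_name.items()
                  if "CNAME" in t and len(t) > 1)


def legacy_recursive(qname: str, qtype: str) -> List[RR]:
    """A recursive that knows nothing about ANAME: it relays the auth answer,
    so the stub receives the sibling fallback A record."""
    return auth_lookup(qname, qtype)


def aname_aware_recursive(qname: str, qtype: str) -> List[RR]:
    """An upgraded recursive. For address queries on a name that has an
    ANAME, chase the target and answer with address records owned by qname,
    TTL capped by the ANAME's own TTL. The stub is untouched: it still gets
    plain A/AAAA records for the name it asked about and believes them."""
    if qtype in ("A", "AAAA"):
        anames = auth_lookup(qname, "ANAME")
        if anames:
            aname = anames[0]
            target = auth_lookup(aname.rdata, qtype)
            if target:
                return [RR(qname, qtype, min(aname.ttl, rr.ttl), rr.rdata)
                        for rr in target]
            # Target has no record of this type: fall back to sibling data.
    return auth_lookup(qname, qtype)


if __name__ == "__main__":
    for resolver in (legacy_recursive, aname_aware_recursive):
        answer = resolver("example.com.", "A")
        print(resolver.__name__, [(rr.name, rr.ttl, rr.rdata) for rr in answer])
```

The point the two resolver functions make is the one in the message: both hand the stub a plain A RRset owned by example.com., so nothing on the stub side has to learn a new record type; only the recursive decides whether that RRset is the sibling fallback or the chased target's addresses. The TTL cap keeps the synthesized answer from outliving the ANAME pointer that produced it.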