Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex

"John Levine" <johnl@taugh.com> Fri, 06 July 2018 16:33 UTC

Date: Fri, 06 Jul 2018 12:33:15 -0400
Message-Id: <20180706163316.6E98528E7D03@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: paul@redbarn.org
In-Reply-To: <5B3E8242.1010709@redbarn.org>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7_k5y0H0QNDJ5F099KTSH3fhUZQ>
Subject: Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

In article <5B3E8242.1010709@redbarn.org> you write:
>i think you will find that there is no dnssec-compatible way to solve 
>this problem without upgrades to both authority AND recursive AND stub 
>dns agents, AND to the getnameinfo-or-similar API. if i'm right, it'll 
>be necessary to make hard choices, such as, reconsider the constraints.

You're probably right, but I think that ANAME would need as many
upgrades, just in slightly different places.

Using CNAME has the (perhaps hypothetical) advantage that if we do it,
a lot of existing zone files that are now invalid will have become valid
with defined semantics.

R's,
John