Re: [DNSOP] Fundamental ANAME problems

Olli Vanhoja <olli@zeit.co> Tue, 06 November 2018 08:23 UTC

Return-Path: <olli@zeit.co>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96A32130F5F for <dnsop@ietfa.amsl.com>; Tue, 6 Nov 2018 00:23:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=zeit-co.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JQAvpqaxs2LX for <dnsop@ietfa.amsl.com>; Tue, 6 Nov 2018 00:23:29 -0800 (PST)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70CD0130E79 for <dnsop@ietf.org>; Tue, 6 Nov 2018 00:23:29 -0800 (PST)
Received: by mail-lj1-x229.google.com with SMTP id x85-v6so10623319ljb.2 for <dnsop@ietf.org>; Tue, 06 Nov 2018 00:23:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zeit-co.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ushrET094261eTYYtHI3SR3btvEkAW+VQeAR2dWPvCM=; b=QuEcYOdw/iEDTi+FyjFB6GQIsp31LW5nRNYTcvbxMf1DwRmApGDZRrRDMbJMqASZdJ hp5YrVXsZXSVzGZf7oHeU9do5TzmMkONdfXnJtu7hIl5gYwRnBdQjyTxBqpkY10/KEyE fBzXJHyHeko7GKUZRWJRupYkxfTkR0/ik3pHg2HzHMxpvf1NcTVbeoeSWk4fEMEAEhSi 0Na1t+MzT7LCGXvDvUOkUOOJcV5FjXLuk+TQi6ZiG4JIRa1NrAmK8Uj9AMWBRt+UFtsf H1sPArkNq3lfCl3QKvMFxZyuDhhinh3emJ3GJnLeL99W7Fz+PRbbOaOgoOTZPuRfy6/G iFoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ushrET094261eTYYtHI3SR3btvEkAW+VQeAR2dWPvCM=; b=awsqWiNfq39hOT/t4mlLo/8OYynIger6YfpGQbX6GPC4QI8J8Cr3AJXNeDOhpxrSkb NLhp3aJWoW62z5XfF670KSTAHCZKKhFlLPtV6sL2z9FxSUWZxQgnPIyIQzYIoGie7eAW M1O42sLCz1Fp5hczLprL7ArioB3RIjk/Lx5mMy0lHMVAWhpbaMPhTCPKKcx1QxIsjMDL 14xqNzGarrc0EpznkWKNuLmZr2H6WWcJ177jVz4Y71ayn+lj6ST18F1Qd457SbmyhShB 1c9heSnur8IkV++MVHh9W8m1xqkqkEpuIqszGKhSBle4q2FfvtrBWOHphQmuQW3bjZhk RRlg==
X-Gm-Message-State: AGRZ1gIrMgTSDTaJ8an/Izl9aSTGeMlgdAPkZywnq6TviBMCMmKETMP7 jPAHpNczWtVNvAcH47dSffDYUEeLKWmIMZc44YzdV0RImZY=
X-Google-Smtp-Source: AJdET5c9hgeD4/qUtc2MxudRQfRGOOkacAo6gyk/nYD5hmEs4EpjyutqzpsZaZgRt0j2wyYLb6bo9hcchAIESaB4U4A=
X-Received: by 2002:a2e:8403:: with SMTP id z3-v6mr17755432ljg.121.1541492606983; Tue, 06 Nov 2018 00:23:26 -0800 (PST)
MIME-Version: 1.0
References: <CAH1iCirXYsYB3sAo8f1Jy-q4meLmQAPSFO-7x5idDufdT_unXQ@mail.gmail.com> <CA+nkc8C6yVT62cW5QP-ec2ZT7FY_n48Ecr=CLeE6FS_1duBO8g@mail.gmail.com> <CAJhMdTOwU88BkukodL_zXcK1=JenExX4HL46Zzbw=+btLbDG2A@mail.gmail.com> <20181103193258.GE20885@besserwisser.org> <3E93AE5D-C8AC-496E-85DB-57E6F8E92DF5@frobbit.se> <00158263-85dd-69ce-5299-13ff4c2411c5@bellis.me.uk> <DCBDB76E-E9E8-4FAE-9EF4-56EABFFA9AD1@frobbit.se> <17c409ef-207a-2e53-3496-d98727ecb71d@bellis.me.uk>
In-Reply-To: <17c409ef-207a-2e53-3496-d98727ecb71d@bellis.me.uk>
From: Olli Vanhoja <olli@zeit.co>
Date: Tue, 06 Nov 2018 09:23:14 +0100
Message-ID: <CABrJZ5EWGZcxhxf+VxuRsS+b7eX8cYsLGrHOrVzk_qmoFDKh7A@mail.gmail.com>
To: dnsop@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004385610579fab7bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8oRBYTg2pN1LqcXjWi2M_dFJpeA>
Subject: Re: [DNSOP] Fundamental ANAME problems
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 08:23:38 -0000

> > The semantics is exactly like a CNAME + HTTP Redirect.
>
> The latter part is what I expected, and why I think it's a non-starter.
>
> HTTP Redirects cause the URI in the address bar to be changed.  A lot of
> the whole "CNAME at the Apex" issue arises because lots of marketing
> people don't want end users to have to type *or see* the www prefix.
>
> Those folks aren't going to stand for their nice clean "example.com" URL
> getting replaced with the real CDN address in the address bar.

It's not only about what is shown in the address bar but how fast the
website will
start rendering something on the screen. Even resolving a CNAME may add a
proportionally big delay to the TTFB, it could take about the same time as
TLS
negotiation. In fact if you look at the DNS records some big Internet
companies
they rarely use CNAMEs for www but instead you'll see an A record, that
might
be even backed by a proprietary ANAME solution.