Re: [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME
Tony Finch <dot@dotat.at> Thu, 08 November 2018 18:27 UTC

Ray Bellis <ray@bellis.me.uk> wrote:
> On 08/11/2018 11:47, Dan York wrote:
>
> > For that reason, wouldn't all the resolvers (or at least an extremely high
> > %) need to be upgraded to support the new record?
>
> They don't _have_ to be, but performance is improved when they are (since only
> an upgraded resolver will include the A and AAAA answers in the additional
> section).
>
> The critical path is the browsers, since none of this works unless they
> start looking up the HTTP record.
>
> As a transition mechanism, site operators would still need to publish their
> existing A and AAAA records by whatever means they currently do (even if
> that's e.g. a CNAME flattening on the authority server).

The transition mechanism is really important if zone publishers are going
to use HTTP records. It needs to be automated and invisible to the web
site admin. If you require people to provide both a target hostname and
the corresponding addresses, you are making it too hard. You aren't
removing the friction caused by the restrictions on CNAMEs.

At the moment the options for setting up 3rd party hosting are:

  * Just use address records. Lots of places prefer this because it always
    works, at the cost of less flexible static server setup.

  * Use a CNAME for www and address records for the bare domain. Maybe the
    address records refer to a server that is more limited in some way
    than the CNAME target (no geoIP, just a redirector, ...)

HTTP RRs risk adding a third option, where the web provider has to have
documentation asking whether the DNS provider supports HTTP RRs and if so
the site admin needs both these addresses and this hostname. And the
addresses can't refer to a redirector, so this third option opens a new
trap for the unwary.

What I would like is to eliminate the wrong choices on the DNS provider
side of things, so that the web site admin can provide a target hostname
which will work on any name, just like they can with address records.

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Fitzroy, Sole: Cyclonic 5 to 7, becoming southerly or southwesterly 7 to
severe gale 9. Very rough or high. Rain or showers. Good, occasionally poor.