Re: [DNSOP] new ANAME draft: draft-hunt-dnsop-aname-00.txt

Tony Finch <dot@dotat.at> Fri, 21 April 2017 09:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/9tCsPXd3SPXQtArURwiGV63W3Dk>

神明達哉 <jinmei@wide.ad.jp> wrote:
>
> As long as those records are generated from the target name that would
> probably be okay.  But the current draft doesn't seem to enforce it,
> and, (probably unintentionally/implicitly) allows the following setup:
>
> aaaa.example.com. ANAME aaaa.example.net.
> aaaa.example.com. AAAA 2001:db8::aaaa ; not populated from ANAME target
> aaaa.example.net. AAAA 2001:db8::bbbb
>
> This looks more like a prohibited "CNAME + other AAAA for the same
> name" situation to me.

From an implementation's point of view, it can't tell the difference
between this kind of misconfiguration, and legitimate mismatches due to
things like stale address records or addresses obtained from different
views, etc. In all these cases it can either use the addresses it has been
given or replace them with the addresses from the ANAME target.

Hostmasters who set up inconsistent ANAME and addresses will suffer the
consequences :-) Maybe their suffering could be avoided by a suitably
intelligent master file loader or other provisioning thing.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Lundy, Fastnet: Variable 3 or 4. Smooth or slight, occasionally moderate in
southwest Fastnet. Fair. Good.
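
An added example, not part of the message or of the draft: a sketch of the kind of provisioning-time check mentioned above, which reports owner names whose sibling A/AAAA records differ from the addresses known for the ANAME target. The function names, the simplified "owner TYPE rdata" record format and the sample data are assumptions; a mismatch it reports may equally be stale data rather than a misconfiguration, so it only flags the difference for the hostmaster to review.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the three records quoted in the message plus one consistent set.
ZONE_TEXT = """
aaaa.example.com. ANAME aaaa.example.net.
aaaa.example.com. AAAA 2001:db8::aaaa ; not populated from ANAME target
aaaa.example.net. AAAA 2001:db8::bbbb
ok.example.com.   ANAME ok.example.net.
ok.example.com.   AAAA 2001:DB8:0::1
ok.example.net.   AAAA 2001:db8::1
"""

def parse_records(text):
    """Parse 'owner TYPE rdata' lines (no TTL/class, no $ORIGIN); ';' starts a comment."""
    anames, addrs = {}, defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2]
        if rtype == "ANAME":
            anames[owner] = rdata.lower()
        elif rtype in ("A", "AAAA"):
            # Normalise so textual variants of one address compare equal.
            addrs[owner].add((rtype, ipaddress.ip_address(rdata)))
    return anames, addrs

def find_aname_mismatches(text, lookup_target=None):
    """Return [(owner, target, sibling_only, target_only)] for inconsistent ANAME owners.

    lookup_target(name) -> set of (type, address); defaults to the same zone text.
    A target with no known addresses is skipped, as nothing can be compared.
    """
    anames, addrs = parse_records(text)
    lookup = lookup_target or (lambda name: addrs.get(name, set()))
    findings = []
    for owner, target in sorted(anames.items()):
        sibling, expected = addrs.get(owner, set()), lookup(target)
        if sibling and expected and sibling != expected:
            findings.append((owner, target,
                             sorted(str(a) for _, a in sibling - expected),
                             sorted(str(a) for _, a in expected - sibling)))
    return findings

if __name__ == "__main__":
    for owner, target, extra, missing in find_aname_mismatches(ZONE_TEXT):
        print(f"{owner} ANAME {target}: sibling-only {extra}, target-only {missing}")
```

Passing a resolver-backed `lookup_target` lets the same check compare against the target's live addresses instead of records in the same file.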