Re: [DNSOP] Minimum viable ANAME

Matthijs Mekking <matthijs@pletterpet.nl> Tue, 06 November 2018 10:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DtJm0WtVtCnR9kt47fP5MXnrnYU>


On 06-11-18 10:19, Ray Bellis wrote:
> 
> 
> On 06/11/2018 16:15, Matthijs Mekking wrote:
>> As nice and clean as the HTTP record draft is, without specifying how to 
>> do expansion of the record into address records it is not going to 
>> solve the CNAME-at-the-apex problem that DNS providers have, and we 
>> will stick with the proprietary solutions (this may solve a different 
>> use case though).
> 
> They're supposed to be expanded either in the client, or in the 
> recursive resolver, as described in the draft.
> 
> If we're misunderstanding each other, please let me know!

That's the crux: A solution that depends on upgrading the resolvers is 
considered not a (fast enough) deployable solution.

That's why I like ANAME: It allows you to do CNAME-at-the-APEX 
processing without requiring resolvers to be updated; however, resolvers 
can implement ANAME to optimize the behavior.

Also, the ANAME in its current form does not require (but also does not 
prevent) the resolution to take place inside the name server; it can be 
a simple script that is part of your zone provisioning.

Best regards,
Matthijs


> Ray
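
Added illustration, not part of the original message or of the ANAME draft: a sketch of the "simple script that is part of your zone provisioning" idea, expanding each ANAME into sibling A/AAAA records before the zone is loaded or signed. The one-record-per-line zone format, the injected `lookup` function, the sample data, and the choices to cap sibling TTLs at the lower of the ANAME and target TTLs and to drop hand-written address records at an ANAME owner are all assumptions of this sketch.

```python
from typing import Callable, Iterable, List, Tuple

# lookup(target, rtype) -> [(ttl, address), ...]; injected so the sketch runs
# offline. In provisioning it would wrap a real resolver query.
Lookup = Callable[[str, str], List[Tuple[int, str]]]

def expand_aname(zone_lines: Iterable[str], lookup: Lookup) -> List[str]:
    """Return the zone with sibling A/AAAA records added for every ANAME."""
    records = [ln.split() for ln in zone_lines
               if ln.strip() and not ln.lstrip().startswith(";")]
    aname_owners = {r[0] for r in records if r[3].upper() == "ANAME"}
    out = []
    for owner, ttl, cls, rtype, *rdata in records:
        rtype = rtype.upper()
        # Address records already present at an ANAME owner are treated as
        # stale output of an earlier run and replaced (choice of this sketch).
        if owner in aname_owners and rtype in ("A", "AAAA"):
            continue
        out.append(" ".join([owner, ttl, cls, rtype, *rdata]))
        if rtype != "ANAME":
            continue
        for addr_type in ("A", "AAAA"):
            answers = sorted(lookup(rdata[0], addr_type), key=lambda a: a[1])
            for target_ttl, address in answers:
                # Never advertise an address longer than the target promises.
                sibling_ttl = min(int(ttl), int(target_ttl))
                out.append(f"{owner} {sibling_ttl} {cls} {addr_type} {address}")
    return out

# Constructed sample zone and answers (documentation names and addresses).
SAMPLE_ZONE = [
    "; apex cannot carry a CNAME next to SOA/NS, so ANAME is used instead",
    "example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300",
    "example.com. 3600 IN NS ns1.example.com.",
    "example.com. 300 IN ANAME cdn.example.net.",
    "example.com. 300 IN A 192.0.2.99",
    "www.example.com. 300 IN CNAME cdn.example.net.",
]
SAMPLE_ANSWERS = {
    ("cdn.example.net.", "A"): [(60, "192.0.2.11"), (60, "192.0.2.10")],
    ("cdn.example.net.", "AAAA"): [(600, "2001:db8::10")],
}

def sample_lookup(name: str, rtype: str) -> List[Tuple[int, str]]:
    return SAMPLE_ANSWERS.get((name, rtype), [])

if __name__ == "__main__":
    print("\n".join(expand_aname(SAMPLE_ZONE, sample_lookup)))
```

Because the expansion happens before the zone is published, unmodified resolvers only ever see ordinary A/AAAA answers. The script has to be re-run at least as often as the sibling TTLs expire, with the SOA serial bumped whenever the output changes.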