Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex

Mark Andrews <marka@isc.org> Wed, 19 September 2018 07:47 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4818C130F91 for <dnsop@ietfa.amsl.com>; Wed, 19 Sep 2018 00:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzFW0fjOQk7Q for <dnsop@ietfa.amsl.com>; Wed, 19 Sep 2018 00:47:17 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2315130F88 for <dnsop@ietf.org>; Wed, 19 Sep 2018 00:47:16 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id C3B133AB03B; Wed, 19 Sep 2018 07:47:16 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 961F1160052; Wed, 19 Sep 2018 07:47:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 63982160076; Wed, 19 Sep 2018 07:47:16 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3JGBvPEoYnDU; Wed, 19 Sep 2018 07:47:16 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 2D609160052; Wed, 19 Sep 2018 07:47:12 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <20180919072626.tqbp3lvjz5hcjewc@sources.org>
Date: Wed, 19 Sep 2018 17:47:10 +1000
Cc: JW <jw@pcthink.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Mukund Sivaraman <muks@mukund.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1058C366-3B6B-48C9-8582-50B836C1FFDD@isc.org>
References: <201809182002.w8IK2h4E001689@atl4mhob08.registeredsite.com> <8B9B4571-45EF-4CB3-849E-4056B159540E@isc.org> <20180919072626.tqbp3lvjz5hcjewc@sources.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HE_5NlFm2ZIgRJCHPf0jWkFo34Q>
Subject: Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2018 07:47:18 -0000


> On 19 Sep 2018, at 5:26 pm, Stephane Bortzmeyer <bortzmeyer@nic.fr>; wrote:
> 
> On Wed, Sep 19, 2018 at 07:24:25AM +1000,
> Mark Andrews <marka@isc.org>; wrote 
> a message of 38 lines which said:
> 
>> As for scripts, you upgrade the tools those scripts use:
>> curl(libcurl), wget, fetch for SH. File::Fetch for perl.  Similar
>> for the other scripting languages. Very few applications actually
>> make socket calls directly for http.
> 
> I hope it is true but I'm not so sure. Any hard data somewhere? My
> purely anecdotal evidence is that I've seen "applications actually
> make socket calls directly for http", one reason probably being it is
> widely teached in schools.

And the number of such applications that connect to names that are served by
CDN and are also at zone apexes such that CNAME doesn’t work is ~0%.  Such
applications need to be upgraded.

I’m sure CDN’s could give Agent string counts for sites where they are
doing DNS hacks for apex names so we could see actual data.  It will be in
their logs.  I’m sure there are employees of such companies reading this.

> HTTP/2 is a good thing here since it is much harder to do it yourself,
> so people will rely on libraries :-)

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org