Re: [DNSOP] Minimum viable ANAME

Tony Finch <dot@dotat.at> Wed, 19 September 2018 21:08 UTC

From: Tony Finch <dot@dotat.at>
In-Reply-To: <20180919201401.8E0C220051382A@ary.qy>
Date: Wed, 19 Sep 2018 22:08:45 +0100
Cc: dnsop@ietf.org
Message-Id: <08C8A740-D09B-4577-AF2A-79225EDB526B@dotat.at>
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HMgx8_H4cWSDjx9UMeWfLKIw8K0>

> On 19 Sep 2018, at 21:14, John Levine <johnl@taugh.com> wrote:

> If I look up foo and it has an ANAME to bar, which of these do I get
> back?

; ANSWER SECTION
foo. A 1.2.3.4

; ADDITIONAL SECTION
foo. ANAME bar.
bar. A 1.2.3.4

The model is that this is a replacement for manually copying address records, with added hints to resolvers that they might want to re-do the copying in order to get geo-optimized answers or other complicated tricks.

> The second is a lot more like what CNAME does, and also avoids having
> to sign on the fly.

With this model, signing only happens where it currently happens. 

> PS: I still think fixing apex CNAME is a better way to go.

There are still DNS servers out there running on 1990s semantics, so I don’t think CNAME can be fixed any time soon. Much of my practical annoyance comes from people asking for CNAME and MX, and this combination is doom on a stick because it involves crazy MTA DNS message handlers, not just DNS servers. My guess at deployment timelines is:

* minimal ANAME could have been deployed unilaterally on the provisioning side 20 years ago, and similar features are widely available (you are ahead of me on this one, John!); if resolvers implement it there will be useful amounts of deployed support within a few years

* browser-friendly SRV replacement: two years to standardization; another two years watching caniuse before we can maybe think about not copying A records around; even more years before it becomes as portable on the provisioning side as ANAME is now

* fix CNAME, at least 10 years

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at
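A worked illustration of the model Tony describes above (the provisioning side copies the target's address records to the ANAME owner, keeps the ANAME as a hint, and answers an A query with the copied records in ANSWER and the ANAME plus the target's A in ADDITIONAL). This is an added example for the thread, not code from the message, from any ANAME draft, or from any DNS implementation; the zone contents, the names foo. and bar., and the resolver answers are all constructed so it runs offline, and the single-target and self-reference checks are my own sanity checks rather than anything the thread specifies.

```python
"""Minimal ANAME on the provisioning side: copy the target's address
records to the ANAME owner, then answer queries in the shape quoted in
the message (A records in ANSWER, the ANAME and the target's A in
ADDITIONAL).

Added example for this thread; not code from the message, any draft, or
any DNS implementation. Zone data and resolver answers are constructed.
"""

# Constructed stand-in for the resolver the provisioning system queries
# for the ANAME target's addresses. A real deployment would do a live
# lookup here, which is where geo-optimised answers would come from.
TARGET_ADDRESSES = {
    "bar.": {"A": ["1.2.3.4"], "AAAA": ["2001:db8::4"]},
}

# Constructed zone: the apex carries an ANAME plus a stale hand-copied A
# record that the expansion step is expected to replace.
ZONE = {
    "foo.": {"ANAME": ["bar."], "A": ["192.0.2.99"]},
    "www.foo.": {"CNAME": ["foo."]},
}

ADDRESS_TYPES = ("A", "AAAA")


def lookup(name, rrtype):
    """Resolver stand-in: addresses of `name` for `rrtype` (empty if none)."""
    return list(TARGET_ADDRESSES.get(name, {}).get(rrtype, []))


def expand_aname(zone, lookup_fn=lookup):
    """Return (expanded_zone, fetched_targets).

    expanded_zone is a copy of `zone` in which every owner with an ANAME
    has its A/AAAA records replaced by the target's current ones; the
    ANAME record itself is kept as the hint for ANAME-aware resolvers.
    fetched_targets records what was copied so a response can put it in
    the ADDITIONAL section without claiming authority over the target.
    """
    expanded = {owner: {t: list(v) for t, v in rrs.items()}
                for owner, rrs in zone.items()}
    fetched = {}
    for owner, rrs in zone.items():
        targets = rrs.get("ANAME", [])
        if not targets:
            continue
        if len(targets) != 1:
            raise ValueError(f"{owner}: ANAME must be a single record")
        target = targets[0]
        if target == owner:
            raise ValueError(f"{owner}: ANAME points at itself")
        fetched[target] = {}
        for rrtype in ADDRESS_TYPES:
            addrs = lookup_fn(target, rrtype)
            fetched[target][rrtype] = addrs
            if addrs:
                expanded[owner][rrtype] = list(addrs)
            else:
                # Target has no records of this type: drop any stale copy
                # rather than keep serving addresses the target lost.
                expanded[owner].pop(rrtype, None)
    return expanded, fetched


def respond(expanded, fetched, qname, qtype):
    """Build (answer, additional) as lists of (owner, type, rdata) tuples."""
    rrs = expanded.get(qname, {})
    answer = [(qname, qtype, r) for r in rrs.get(qtype, [])]
    additional = []
    if qtype in ADDRESS_TYPES and "ANAME" in rrs:
        target = rrs["ANAME"][0]
        additional.append((qname, "ANAME", target))
        additional += [(target, qtype, r)
                       for r in fetched.get(target, {}).get(qtype, [])]
    return answer, additional


def render(answer, additional):
    """Lay the two sections out the way the reply quoted above does."""
    lines = ["; ANSWER SECTION"] + [" ".join(rr) for rr in answer]
    lines += ["", "; ADDITIONAL SECTION"] + [" ".join(rr) for rr in additional]
    return "\n".join(lines)


if __name__ == "__main__":
    expanded, fetched = expand_aname(ZONE)
    print(render(*respond(expanded, fetched, "foo.", "A")))
```

Run as a script it prints the same two sections as the reply above, with foo. A 1.2.3.4 in ANSWER and foo. ANAME bar. followed by bar. A 1.2.3.4 in ADDITIONAL. Nothing here is signed on the fly: the copied A records are ordinary zone data, so DNSSEC signing happens wherever the zone is already signed, which is the point made in the message.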