Re: [DNSOP] Minimum viable ANAME

Olli Vanhoja <olli@zeit.co> Tue, 26 March 2019 19:31 UTC

Return-Path: <olli@zeit.co>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D30501209A4 for <dnsop@ietfa.amsl.com>; Tue, 26 Mar 2019 12:31:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.236
X-Spam-Level:
X-Spam-Status: No, score=-1.236 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=zeit-co.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MPaY4bDfooT2 for <dnsop@ietfa.amsl.com>; Tue, 26 Mar 2019 12:31:48 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B88A21208BE for <dnsop@ietf.org>; Tue, 26 Mar 2019 12:31:46 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id r24so11154150ljg.3 for <dnsop@ietf.org>; Tue, 26 Mar 2019 12:31:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zeit-co.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9XN9r7u2nd9HNiQ+L+Z2Niqx4L3UrcyVhBRxEhUAXWs=; b=z5Zmcet3oINYSdl7SKmaS+XgG4FaHgbmu9xa16qEZ7x6QDcJeTBY3DNVWXH0x3AhxM SqG6PoNsJukPQ4Gd5AzBuYBho6gVCQybgM16tzzDqaAdNmJhnre9ukZeCocEfBLUzVfZ yQETK/lzrKcw2RU+1NC+xKBgjPb2kk0onBLlqER2dj5g9vZ+I8XRcrTwrQWdXoidcp/p 6DJnjbVjWEbQxupJIdwL1VgZq2Z++TH1GsgGSvE4U4czkF5Owzj6GYrguaYjiu3R32i/ EoMcvIo2sgkTT+jf4KmwzY9q1YP4WbU3nMktMtBuT5i6CdIBghAcgxZ80KhVaVoTt6gF uk/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9XN9r7u2nd9HNiQ+L+Z2Niqx4L3UrcyVhBRxEhUAXWs=; b=VpWD5wQyHsJ+KiQuNFoxGzzHLXAuWYA0NaMvVQgRcJIcAEitYS1e8PNAIYiwc3XeI7 JeURq3/R1qqp9z09SqGZiIqor91b+uklj/+QX8oGdqCq9ObFVvvl1FReOJjwj2ZGDKbS 0qDlGLrKGHjSJ6r8RBZwtD6hz2ve2IPEKQX8mzWp4zQs8yF4sytgfTZMlh1sSD6o88rK MgSV83nWpDxd4jJvcg0hbC2dngtBOD3jKHWhpnYmSCERFrgwvYxyHfOyu8hTPQS2/mjJ mMPTq4NoAqxfuYHAooT47ClhkRodRvavjcLAtQvC26IXocyYEf7gfPYo7SmFlEo9vz20 UJ4g==
X-Gm-Message-State: APjAAAXDhN3Rm6sXs+e3DXLcKuNB3cSu87BA7I5fKaiEQ8Nps6QtVytE 8a3MHLmQbcE73VOhG4bRnKMapq79FxA4qXM75SNk1A==
X-Google-Smtp-Source: APXvYqx55n2YYCDoMLjjDEua8YmCc8mv1jMiR1Bjch7c+AVQ+pykeBBiCIgGXVwoTn7kvY61K4mVdJ8hQMbpCwoqgrY=
X-Received: by 2002:a2e:5d94:: with SMTP id v20mr15996096lje.138.1553628704945; Tue, 26 Mar 2019 12:31:44 -0700 (PDT)
MIME-Version: 1.0
References: <20180919201401.8E0C220051382A@ary.qy> <08C8A740-D09B-4577-AF2A-79225EDB526B@dotat.at> <20180920061343.GA754@jurassic> <E944887D-51ED-41A0-AC5A-3076743620D8@isoc.org> <acef1f69-8e4f-52cc-dca5-3ada9446e0ee@bellis.me.uk> <CABrJZ5HmCoSsGe2L-JkAsPywhcxyyVkvMmXCvQyJMjWHnMeT_w@mail.gmail.com> <alpine.DEB.2.20.1903261521290.13313@grey.csi.cam.ac.uk> <104ec4ea-296f-1657-5633-f6c1f2684274@pletterpet.nl> <alpine.DEB.2.20.1903261540330.13313@grey.csi.cam.ac.uk> <ec8e6848-c962-56b4-50d5-a7bd4b6d48e6@nic.cz> <CABrJZ5H=Ltora2m6_Gyk=O6+UqT-F704hvoKt5=U-TY7fx8JqA@mail.gmail.com> <CAH1iCioQh_dN=cY42p=Y+kPijEiHHt-oGrwpS=8GAyjy+=xUcg@mail.gmail.com>
In-Reply-To: <CAH1iCioQh_dN=cY42p=Y+kPijEiHHt-oGrwpS=8GAyjy+=xUcg@mail.gmail.com>
From: Olli Vanhoja <olli@zeit.co>
Date: Tue, 26 Mar 2019 20:31:33 +0100
Message-ID: <CABrJZ5FPeP5NQ5qRyOw9BhrB6k+6hUvj32DAcjZBgTryxNMywg@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: =?UTF-8?B?VmxhZGltw61yIMSMdW7DoXQ=?= <vladimir.cunat@nic.cz>, Tony Finch <dot@dotat.at>, dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IfnJ-iT_IENGhrZvkQiycIH-Sfw>
Subject: Re: [DNSOP] Minimum viable ANAME
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 19:31:50 -0000

On Tue, Mar 26, 2019 at 7:23 PM Brian Dickson
> We need to start with the base requirements, which is, "I want an apex RR that allows HTTP browser indirection just as if there was a CNAME there".
> Sibling records do not behave like CNAMEs, no matter what extra hacks get applied; CNAME processing is done by the resolver.
> The options are, new RRtypes that require resolver upgrades, or RRtypes that are handled by the client application (browser), which benefit from (but do not require) resolver upgrades.
>

I see a huge problem there, let's call it IPv6 problem. During the
transition phase to this new RR we need to have a fallback, right? How
long do we need to have that fallback for old resolvers and browsers?
I'd say approximately until DNS has been replaced by some other tech.
If we are lucky DoH would solve it by doing what those previously
mentioned companies are doing now on their servers, but then we would
cry again that it's the wrong solution.