Re: [DNSOP] Fundamental ANAME problems

Thomas Peterson <> Tue, 06 November 2018 10:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4615B130E90 for <>; Tue, 6 Nov 2018 02:22:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AMfW9eqw3orV for <>; Tue, 6 Nov 2018 02:22:36 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::430]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 91896130F81 for <>; Tue, 6 Nov 2018 02:22:36 -0800 (PST)
Received: by with SMTP id n11-v6so5896131pfb.6 for <>; Tue, 06 Nov 2018 02:22:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version; bh=LdkOZmfWe7KESPUNuW4M/vUueAbBXj8KDdEhPh4Cv6g=; b=oYAah4z2ICZrcmwYqSq9i5umzpceknRm/+5N/Cvr7/nFzv+ldwjkrYN9tsMTUDxQs2 WML6KIwZCmGOlFos6MS5TG9eEnhYzhHHbtTaobod/X2zezbiVj5L27Ax7jqhu4nEvO/c 6EEdkY+Ynn51SfsnXdom/lHsNF27kbtscIorKe/oIshomEZk33p+Q1iUm8ldk8s10/Qx 6YK8sEw1W0I+QMPJ65FHHjKhysgiV26/FPLhROJu/jqafsZXsXKpvZdcKwIPwrf9kk8g ze9IRGcy4G0x+HKGdHRgHa8OTBmfJSBdw2+d/FwAPTfJYvBf8Y9upJ8Fe4MerIh+Fjbf I5EQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version; bh=LdkOZmfWe7KESPUNuW4M/vUueAbBXj8KDdEhPh4Cv6g=; b=QBM+aPgNngoaJzJ+eH//XklTLE29hytDALh2EkiRbVBoYV1hrBzaiAQD+TkhiO6tmo yYo3GN0Sctjg81ncmmSOW7bzjj1am6g+DEWhEsJXsx/QOfl8dKdpuD/CIJskWsWGQ8MG PlfuKCOqyiDz0fcQzzTyuTNw1UgSqLx3hqBiuaVfKtiqHFoZqN83DRsiGALpUmLjT/Xc mTBOUroGP5HoTzHCj+jn692dOajx2D6BZvxR6Ie3Je2AmhFpfghd3BS/U+pLldES0kvd dEFCNrooOSLGzxa2e6QBtDrxJJuRhaLS6+voh9ArDpw286ILp5WbIxT16pJWtdGqi43L 5NRw==
X-Gm-Message-State: AGRZ1gIBGC6r3WAlTWnWIcT/SAqy4coWrKQenhIi6yDT2YyLwWsEQkDP 7fh0pZ2D8iT5nLrRGvBIGtn4rxL59zw=
X-Google-Smtp-Source: AJdET5chGcH/VU1gQxDF5tF/B2+JYuG6lCLxGw9irv/mWl+fX95SPXEnvwnwCyzINzIOsb052bFo+A==
X-Received: by 2002:a63:7154:: with SMTP id b20mr23256155pgn.342.1541499756004; Tue, 06 Nov 2018 02:22:36 -0800 (PST)
Received: from [] ([2001:67c:370:128:9c42:3a92:c1d:4b69]) by with ESMTPSA id s2-v6sm105403463pfk.133.2018. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Nov 2018 02:22:34 -0800 (PST)
User-Agent: Microsoft-MacOutlook/
Date: Tue, 06 Nov 2018 10:22:32 +0000
From: Thomas Peterson <>
To: Olli Vanhoja <>,
Message-ID: <>
Thread-Topic: [DNSOP] Fundamental ANAME problems
References: <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3624344554_1764276496"
Archived-At: <>
Subject: Re: [DNSOP] Fundamental ANAME problems
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Nov 2018 10:22:39 -0000

That may be the case from your own (presumably anecdotal) experience, however I took the Alexa top 1 million websites and queried for A* and CNAME against the www records for the top 10 000 domains. What I found is that approximately 44% returned CNAME records, 56% returning A records.


Code is here if anyone wishes to look.




* I realise that I could have added AAAA. My presumption is that the top 10k websites are not v6 only and at least have an A record in place.


From: DNSOP <> on behalf of Olli Vanhoja <>
Date: Tuesday, 6 November 2018 at 08:24
To: <>
Subject: Re: [DNSOP] Fundamental ANAME problems


In fact if you look at the DNS records some big Internet companies

they rarely use CNAMEs for www but instead you'll see an A record, that might

be even backed by a proprietary ANAME solution.