IETF Logo Mail Archive

Re: [DNSOP] status of the aname and svcb/httpsvc drafts

"Andrew M. Hettinger" <AHettinger@Prominic.NET> Tue, 25 February 2020 19:07 UTC

Return-Path: <AHettinger@Prominic.NET>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFCD3A134B for <dnsop@ietfa.amsl.com>; Tue, 25 Feb 2020 11:07:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IiAMI82Fpvh0 for <dnsop@ietfa.amsl.com>; Tue, 25 Feb 2020 11:07:33 -0800 (PST)
Received: from dispatch1-us1.ppe-hosted.com (dispatch1-us1.ppe-hosted.com [67.231.154.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36B7F3A1343 for <dnsop@ietf.org>; Tue, 25 Feb 2020 11:07:33 -0800 (PST)
X-Virus-Scanned: Proofpoint Essentials engine
Received: from domino-42.prominic.net (domino-42.prominic.net [199.103.3.42]) by mx1-us3.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTP id B493E980067; Tue, 25 Feb 2020 19:07:31 +0000 (UTC)
In-Reply-To: <CA+nkc8Coe8D1ECfrRwRUnzJ3azyJfXXUq3HMy63AL-4SOvmaaw@mail.gmail.com>
References: <b34f1b0d-fa65-23d4-1b2b-761b965a2aae@knipp.de> <CAG8jCEzO7zrfL5G5CzdJ=c5wipJgqqHfyeA-a3-QjquoyPYgvg@mail.gmail.com> <3ead518d-f166-1c36-c3e9-18aeb355d160@pletterpet.nl> <20200220221517.GA16177@isc.org> <alpine.DEB.2.20.2002222349530.27562@grey.csi.cam.ac.uk> <CAH1iCiq+rOxs9c8zoJhAWbB6-0SP_WC5onF-DrbekwX=8iR49Q@mail.gmail.com> <CA+nkc8Coe8D1ECfrRwRUnzJ3azyJfXXUq3HMy63AL-4SOvmaaw@mail.gmail.com>
X-KeepSent: 4062C1E9:B42128F1-86258519:006893C9; type=4; name=$KeepSent
To: Bob Harold <rharolde@umich.edu>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
X-Mailer: IBM Notes Release 9.0.1 October 14, 2013
Message-ID: <OF4062C1E9.B42128F1-ON86258519.006893C9-86258519.00690F29@prominic.net>
From: "Andrew M. Hettinger" <AHettinger@Prominic.NET>
Date: Tue, 25 Feb 2020 13:07:31 -0600
X-MIMETrack: Serialize by Router on domino-42.prominic.net/PNI(Release 10.0.1FP3|August 09, 2019) at 02/25/2020 01:07:31 PM
MIME-Version: 1.0
Content-type: multipart/alternative; Boundary="0__=09BB0F8ADFFB15598f9e8a93df938690918c09BB0F8ADFFB1559"
Content-Disposition: inline
X-MDID: 1582657652-qYdar_fJNLoT
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QCAuoll-TWW8UqC9t-2xxNccXlM>
Subject: Re: [DNSOP] status of the aname and svcb/httpsvc drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2020 19:07:36 -0000

Frankly, you've got it exactly the wrong way around: even with httpsvc
speced out completely, it will take time for it to be deployed to browsers.
That's assuming you can get enough buying from (mostly) google to even make
it happen at all. Considering how much push-back was given from that world
on just letting svc entries be an option, I don't really believe that buy
in is going to happen let alone quickly.

Rather then a "quick win" I fear httpssvc is going to be a "slow loss."

Andrew Hettinger
http://Prominic.NET | Skype: AndrewProminic
Tel: 866.339.3169 (toll free) -or- 1.217.356.2888 x. 110 (int'l)
Fax: 866.372.3356 (toll free) -or- 1.217.356.3356            (int'l)

"DNSOP" <dnsop-bounces@ietf.org> wrote on 02/24/2020 08:50:51:

> From: "Bob Harold" <rharolde@umich.edu>
> To: "dnsop@ietf.org WG" <dnsop@ietf.org>
> Date: 02/24/2020 08:51
> Subject: Re:  [External]  [DNSOP] status of the aname and svcb/httpsvc
drafts
> Sent by: "DNSOP" <dnsop-bounces@ietf.org>
>
> Just my opinion, but I would like to focus on HTTPSSVC first, for a
> quick win.  Then work on ANAME - it might not be used much anytime
> soon, but if it reaches 99% of the DNS servers in 10 or 20 years, it
> could solve the problem at the apex for future generations.
>
> --
> Bob Harold
>
> On Sat, Feb 22, 2020 at 8:12 PM Brian Dickson
<brian.peter.dickson@gmail.com
> > wrote:
>
> On Sat, Feb 22, 2020 at 4:01 PM Tony Finch <dot@dotat.at> wrote:
> Evan Hunt <each@isc.org> wrote:
> >
> > CNAME at the apex wasn't really the problem. Getting browsers to
display
> > content from the right CDN server was the problem.
>
> My interest in ANAME is basically nothing to do with CDNs. I want my
users
> to be able to configure aliases by name or address without having to deal
> with incomprehensible restrictions. ("It's always a DNS problem") Ideally
> they should be able to configure aliases by name so that those
responsible
> for the server can move it around without having to reconfigure
ridiculous
> numbers of aliases.
>
> I'm not sure if this is a philosophical thing, or a pragmatic thing.
>
> But the root problem with apex aliasing (CNAME/DNAME/ANAME/etc), is
> the huge deployed base.
> Also, that the original design of DNS didn't have this built in.
> And also, that the whole semantic of CNAME usage is hidden from the
> clients (things querying DNS), rather than exposed to the applications.
> (E.g. should it not be the case that whatever is making the query,
> itself be aware of the aliasing?)
>
> Ultimately, I think this boils down to this observation:
> DNS zone files are not really a good place to implement any user-
> exposed schemes for aliasing, or for maintaining server/name mapping.
>
> Those two things are UI and provisioning, respectively, and both are
> probably handled with systems above or outside of DNS, rather than DNS
itself.
>
> UI for the former (that deals with the DNS oddities), and automation
> or APIs that deal with the latter.
> Whenever there is a need for a bunch of names, plus the apex itself,
> to be treated as synonymous, why does it matter which of those is
> the "target"? That's really a bike-shed issue, IMHO.
> The only time it is a problem, is if the target is external to the
> zone, in which case the single instance at the apex is the problem
> (i.e. the main issue of the ANAME or HTTPSSVC alias-form).
>
> Moving a server (renumbering, etc), always requires synchronization
> between a bunch of systems, only one of which is DNS itself.
> E.g. certificate management, networking, etc.
> Keeping those in sync requires some tooling.
> Thus, adding the DNS component into the tooling doesn't seem to be
cumbersome.
> It is perhaps a place where more infrastructure development to
> handle scaling is required.
>
> I.e., it'd be nice if DNS could deal with these things better, but
> it can't, and it isn't the only possible solution, so, pretty much
> any other solution can be made to work.
> The choice of which alternative is really an implementation
> question, which doesn't require standardization.
> It's analogous to meta-data stuff, which also relates to
> provisioning of DNS itself.
> It's another place where in a parallel universe, it might have been
> good to have been included in the design of DNS.
>
> Brian
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email