[DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
bert hubert <bert.hubert@netherlabs.nl> Sun, 21 September 2014 11:52 UTC
Hi everybody,

Your input on the initial implementation described below would be most appreciated. I see this as a dns operations issue since it does not describe an on-the-wire change, except when we do AXFR perhaps. It is mostly a feature.

However, even features could have interoperability issues, and it would be nice if we were aligned.

The last forwarded paragraph below says "Please let us know your thoughts based on the semantics outlined above. Would this work for you? Do you miss anything? Is there a need for multiple ALIAS statements for load balancing? Are we needlessly incompatible with existing implementations? Is there standardization work we could align against?"

Thanks!

Bert

----- Forwarded message from bert hubert <bert.hubert@netherlabs.nl> -----

Date: Sun, 21 Sep 2014 12:54:07 +0200
From: bert hubert <bert.hubert@netherlabs.nl>
To: pdns-users@mailman.powerdns.com
Subject: [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Hi everybody,

Based on strong user interest, we are fast-tracking the implementation of ALIAS/ANAME records, to solve the 'CNAME at apex' problem. Because of the fast-tracking, we need rapid feedback to see if we got it right (see the end of the mail for details).

In short, you can CNAME 'www.yourdomain.com' to a CDN or somewhere else, but you can't CNAME 'yourdomain.com', since that breaks DNS. This blogpost by CloudFlare expands on the problem:
https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root

Today, we implemented ALIAS support as an experimental PowerDNS feature, which allows the following:

$ORIGIN example.com.
@         IN SOA   ns1 ahu 2014091619 7200 3600 1209600 3600
@         IN NS    ns1
@         IN NS    ns2
www       IN CNAME xs.powerdns.com.
ns1       IN A     1.2.3.4
ns2       IN A     4.3.2.1
@         IN ALIAS www.powerdns.com.
@         IN MX    25 outpost.ds9a.nl.
elsewhere IN CNAME @

The branch can be found on https://github.com/PowerDNS/pdns/tree/alias and we should have packages soon.

The current semantics for the ALIAS pseudo-record are that they only match if no real record did. So in the case above, an MX query for example.com would return "25 outpost.ds9a.nl". But a query for AAAA would return the IPv6 address obtained by following the www.powerdns.com CNAME chain to xs.powerdns.com. This also works for all other record types, btw.

Our implementation uses a defined resolver to look up the actually requested record, and adds the data found to the packet built so far. This means that querying 'elsewhere.example.com' will include a CNAME to example.com, which in turn will lead to processing of the ALIAS record.

Finally, for TTL, we currently use what the resolver gave us. But perhaps we could use the TTL of the ALIAS record instead, or as a maximum? Or minimum?

Please let us know your thoughts based on the semantics outlined above. Would this work for you? Do you miss anything? Is there a need for multiple ALIAS statements for load balancing? Are we needlessly incompatible with existing implementations? Is there standardization work we could align against?

Your input is highly welcome!

Bert

PS: the above is currently not yet supported for DNSSEC domains!

--
PowerDNS Website: http://www.powerdns.com/
Contact us by phone on +31-15-7850372

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

----- End forwarded message -----
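
Added example, not part of the original mail and not PowerDNS code: a small Python model of the lookup order described above (real record first, in-zone CNAME next, ALIAS last) and of the four TTL options the mail raises. The zone TTL of 3600, the upstream resolver table, its TTLs, the 2001:db8::2 address, and the choice to drop the upstream CNAME chain from the answer are all assumptions made for illustration.

```python
# Constructed model of the ALIAS semantics in the mail; not PowerDNS code.
ORIGIN = "example.com."
ZONE = {  # (owner, type) -> [(ttl, rdata)]; TTL 3600 is an assumed value
    (ORIGIN, "MX"): [(3600, "25 outpost.ds9a.nl.")],
    (ORIGIN, "ALIAS"): [(3600, "www.powerdns.com.")],
    ("www." + ORIGIN, "CNAME"): [(3600, "xs.powerdns.com.")],
    ("elsewhere." + ORIGIN, "CNAME"): [(3600, ORIGIN)],
}
UPSTREAM = {  # constructed stand-in for the "defined resolver"
    ("www.powerdns.com.", "AAAA"): [
        ("www.powerdns.com.", "CNAME", 300, "xs.powerdns.com."),
        ("xs.powerdns.com.", "AAAA", 120, "2001:db8::2"),
    ],
}

def pick_ttl(resolver_ttl, alias_ttl, policy):
    """The TTL options the mail asks about."""
    return {
        "resolver": resolver_ttl,                   # current behaviour
        "alias": alias_ttl,                         # ALIAS TTL instead
        "alias_max": min(resolver_ttl, alias_ttl),  # ALIAS TTL as a ceiling
        "alias_min": max(resolver_ttl, alias_ttl),  # ALIAS TTL as a floor
    }[policy]

def in_zone(name):
    return name == ORIGIN or name.endswith("." + ORIGIN)

def answer(qname, qtype, policy="resolver", depth=0):
    """Return answer-section records as (owner, type, ttl, rdata) tuples."""
    if depth > 8:  # stop CNAME/ALIAS loops inside the zone
        return []
    real = ZONE.get((qname, qtype))
    if real:  # a real record always wins over ALIAS
        return [(qname, qtype, ttl, rd) for ttl, rd in real]
    cname = ZONE.get((qname, "CNAME"))
    if cname:
        ttl, target = cname[0]
        rrs = [(qname, "CNAME", ttl, target)]
        if in_zone(target):  # e.g. elsewhere -> @, which then hits ALIAS
            rrs += answer(target, qtype, policy, depth + 1)
        return rrs
    alias = ZONE.get((qname, "ALIAS"))
    if alias:
        a_ttl, target = alias[0]
        found = [r for r in UPSTREAM.get((target, qtype), []) if r[1] == qtype]
        # Assumption: the chain is dropped and data is re-owned by qname.
        return [(qname, qtype, pick_ttl(ttl, a_ttl, policy), rd)
                for _, _, ttl, rd in found]
    return []
```

With "alias_min" a short upstream TTL is stretched to the ALIAS TTL, so a changed target address can stay cached for longer than the target's operator intended; "alias_max" only ever shortens it.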