Re: [DNSOP] Any website publishers who use CDNs on the list?
Måns Nilsson <mansaxel@besserwisser.org> Fri, 02 November 2018 21:16 UTC
Date: Fri, 02 Nov 2018 22:16:25 +0100
From: Måns Nilsson <mansaxel@besserwisser.org>
To: Dan York <york@isoc.org>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SZtszst4zyf6sH8cQDWoLSKEinE>

Subject: Re: [DNSOP] Any website publishers who use CDNs on the list? Date: Fri, Nov 02, 2018 at 01:11:08PM +0100 Quoting Måns Nilsson (mansaxel@besserwisser.org)
> Subject: [DNSOP] Any website publishers who use CDNs on the list? Date: Fri, Nov 02, 2018 at 10:57:33AM +0000 Quoting Dan York (york@isoc.org)
> > DNSOP subscribers,
> >
> > Are there any other publishers of websites on this list who use CDNs in front of their sites - and who are interested in the whole “CNAME at apex” issue?
>
> I am employed by an organisation who does this.
>
> I strongly oppose any work being done to slacken the restrictions around
> CNAMES. At least in order to bodge together a fix for the "CDN problem".

And, now that I've read the backlog, I'd like to apologize for not having done that before, and also point out that I still, more so than before actually, count ANAME as a prime example of a bodge fix to the "CNAME on apex" issue.

I have also read the draft. It made me realise that there is more Heath Robinson[0] than I ever could imagine in ANAME. Jumping in and out of secure, signing on the fly, sometimes, et c. It bears all the telltales of a reactive development.

It is not that I don't realise there is a need to do /something/. CNAMES don't work for most scenarios.

At the risk of sounding like a repetitive bore, what is actually needed is a way to say "for that domain name, apex or not, https[1] services are over there ---->". Without messing up the entire node in the tree and causing special processing in every name server and full service resolver. And without stomping the other interesting protocols that might like a RR on the node to be found.

The entire effect that ANAME is supposed to have is achieved easier by publishing URI records. And by getting web browsers to ask for URI first.

As a bonus, load balancers that send 302's (which by the way are much faster than DNS resolution, or so I'm told) can listen on 1000s of ports, because we do not have to point to 443 and listen on 80 as backup when we can specify the port and the protocol in the URI RR payload.

DNSSEC compatibility? The node we're pointing to can be in another zone or in the same zone. Signed or not. Either way, we have predictable behaviour. If we need dynamic data along the way, we can push that work where it belongs, by putting the service names (domain name part in the URI we point to) in a special zone, perhaps run by the CDN. And the CDN can run a dynamic signed zone on every anycast master if they so wish. Without making much more of a mess than today.

All this in RR's that exist today and can be deployed tomorrow.

"Why do it the simple way when it can also be done the complicated way?"

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
I'm having a RELIGIOUS EXPERIENCE ... and I don't take any DRUGS

[0] "Rube Goldberg" to those from USA.
[1] Or whatever, but we've bred a generation of devloprs (sic) who are unable to network without HTTP.
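
The URI-record lookup argued for in the message above, sketched as an added example (not part of the original post and not any browser's or resolver's code): it decodes URI RDATA as laid out in RFC 7553, then picks the endpoint a client would connect to, port included. The owner name `_https._tcp.example.com`, the sample targets, the `https`-only allowlist and the deterministic highest-weight tie-break are assumptions made for illustration.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample data: (priority, weight, target) for a hypothetical
# URI RRset at _https._tcp.example.com; not taken from the original post.
SAMPLE = [
    (20, 1, "https://backup.cdn.example.net:443/"),
    (10, 1, "https://edge.cdn.example.net:8443/"),
    (10, 5, "ftp://files.example.net/"),
]

def encode_uri_rdata(priority, weight, target):
    """RFC 7553 RDATA: 16-bit priority, 16-bit weight, then the URI text."""
    return struct.pack("!HH", priority, weight) + target.encode("ascii")

def decode_uri_rdata(rdata):
    """Parse one URI RDATA blob; the target carries no length prefix."""
    if len(rdata) < 5:
        raise ValueError("URI RDATA needs 4 header bytes and a non-empty target")
    priority, weight = struct.unpack("!HH", rdata[:4])
    return priority, weight, rdata[4:].decode("ascii")

def pick_endpoint(rdatas, allowed_schemes=("https",)):
    """Return (host, port, url) for the best acceptable record, or None."""
    candidates = []
    for rdata in rdatas:
        try:
            priority, weight, target = decode_uri_rdata(rdata)
            parts = urlsplit(target)
            port = parts.port  # raises ValueError on a non-numeric or out-of-range port
        except ValueError:
            continue  # malformed record: ignore it rather than guess
        # Defensive filter: only follow schemes the client expects to speak.
        if parts.scheme not in allowed_schemes or not parts.hostname:
            continue
        # Assumption: 443 is the fallback because only https is allowed here.
        candidates.append((priority, -weight, parts.hostname, port or 443, target))
    if not candidates:
        return None
    # Lowest priority wins. Simplification: the highest weight breaks ties
    # deterministically instead of the weighted random choice SRV-style
    # selection uses.
    _, _, host, port, url = min(candidates)
    return host, port, url
```

With the constructed RRset, the `ftp` record is dropped by the scheme filter even though it has the best priority and weight, and the client is sent to port 8443 on the edge host.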