Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex

Paul Ebersman <> Wed, 20 June 2018 02:09 UTC

From: Paul Ebersman <>
To: David Conrad <>
Comments: In-reply-to David Conrad <> message dated "Tue, 19 Jun 2018 15:44:46 -0700."
Date: Tue, 19 Jun 2018 22:06:32 -0400
List-Id: IETF DNSOP WG mailing list <>

bellis> AIUI, a large part of the supposed issue with SRV was the
bellis> inertia of the installed base of browsers that wouldn't know how
bellis> to access them.

drc> I thought the more fundamental problem was the additional latency
drc> caused by the second lookup since SRV specified domain names as
drc> targets.

You're not mis-remembering this. I hear this from the major browser
folks every time we mention SRV. We may or may not think this isn't
relevant (or that dozens of embedded objects are way slower to load on a
web page) but it doesn't matter. If browser folks believe this and won't
change, we aren't likely to convince them if we haven't by now.

SRV is a technically cleaner solution that will never get deployed...

While I understand cautions about changing CNAME, legacy issues,
etc., I've come more and more to the camp that we lost this argument
years ago and we should just let server software folks allow CNAME at
apex and be done.

This is DNSOP. Operational. The world wants CNAME at apex. Let's give it
to them.