Re: [DNSOP] Fundamental ANAME problems

Ray Bellis <> Mon, 05 November 2018 15:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0087B130DE6 for <>; Mon, 5 Nov 2018 07:38:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1HLvp09VdvWh for <>; Mon, 5 Nov 2018 07:38:11 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BA22712D7F8 for <>; Mon, 5 Nov 2018 07:38:11 -0800 (PST)
Received: from ([]:54574 helo=Rays-MacBook-Pro.local) by ([]:465) with esmtpsa ( (TLS1.0:RSA_AES_128_CBC_SHA1:16) id 1gJgx3-0003eL-Op (Exim 4.72) for (return-path <>); Mon, 05 Nov 2018 15:38:07 +0000
References: <> <> <> <>
From: Ray Bellis <>
Message-ID: <>
Date: Mon, 05 Nov 2018 22:38:04 +0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] Fundamental ANAME problems
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Nov 2018 15:38:14 -0000

On 05/11/2018 18:55, Joe Abley wrote:

> 2. Find a client-side solution to this, and try really hard not to 
> invent something new that is really just SRV with a hat and a false 
> moustache.

There *is* a big failing of SRV that's independent of the CNAME apex use 
case, and that is its lack of support for wildcards.  Since my proposal 
doesn't use underscore prefix labels, wildcards will work, and this is 
an important requirement for some large website operators.

The cost to the DNS community of *trying* my proposed HTTP record is 
pretty negligible.  Worst case, as Brian put it, is we burn a code 
point, add a trivial amount of code to DNS servers, but the browsers 
don't adopt it.  It wouldn't be the first time, it won't be the last.

However, it only takes one of the big browser vendors to decide they'll 
support it and I think the rest will shortly thereafter follow suit.

NB: this proposal currently satisfies the criteria for assignment via
expert review per RFC 6895.