Re: [DNSOP] Fundamental ANAME problems

Thomas Peterson <> Wed, 21 November 2018 11:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E71C2128CF2 for <>; Wed, 21 Nov 2018 03:58:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7S4nt6-rc5c7 for <>; Wed, 21 Nov 2018 03:58:57 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 31B8012EB11 for <>; Wed, 21 Nov 2018 03:58:54 -0800 (PST)
Received: by with SMTP id p2-v6so5456035wmc.2 for <>; Wed, 21 Nov 2018 03:58:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=2NJzbCOyN9TAtqQODGpL8rDEMyIFHnOg1iSjJ0o56LQ=; b=pAigalhJhL8jdZlLqq6UHX2rPsgzX79tSOB0K7i9irjcw0Yv7BOqqNrC4CoInAvp4o 3GTD8Zp+VD+oTCyp5qqqxS/2ft7IbEbdLh6E2uC8KzSH6XuDi93wCkRMwATZrkK0hLkw 4syRMIEWwYPJ6TzsxSInb7uIJWhi06gT6EVw2m/PAlbSFSWeSdDALA/ptUwiXqY1OEVw 9uNHLtvxnBx0ok3czt5Zpf96ty7oJ9L2X2Hsc/3bTUSm3XpcLf8/BWEnu3pJFYVMOrXp bLtv1zEc304tzeq9KnWO7XJvuXfBlVQUp3JNeAwY9TzyMlR8Ti2UApu70ZT4eb1xfcRe aRCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=2NJzbCOyN9TAtqQODGpL8rDEMyIFHnOg1iSjJ0o56LQ=; b=bSUmex2wX8aLbJNqAdx1VnyGkQErZYFTSslcmeJekDyzHa8o5q5ZXa82nMjvmzlB5X JDtNbJIMGkS8GqpsMVL7Fyr+m6XpLYtb+hAA2wiLy//0FldYKvoqTA+hRuQj1bka2Ftm Aud8kYs6Ge2OwHdvpQHtcx3OZ4lWPHKBfRnmGVCv+j/5osOrHWt0LnDnMsAOqoN0I/Dl Y0hdgl6YI3iNyHzDyDj5z1ITJOhaSwaDTceG/oaXmAk+VjAQpJ9xAvEEcl7nxFdM9QRf uUZuiYhU7NIMl9glDh5FVs0r6QlORBxikfoWa8cHIYF+az+K/iDPVRBh4zzz+/4vcUxO LFhg==
X-Gm-Message-State: AA+aEWakHkXlq6GFT16SaKpZLMHy49y4LBV4FvZb7XGx8Ttf/ewaO3Im SZLldFHjuFB3EAm1jqd4IrtaKAvW
X-Google-Smtp-Source: AFSGD/Xh0ZoFmEmZo7hToXJ6/aNlcQEUNBxXwmytZU72Cb3SoRGDkikvdmUvxQmASjtaAWo4g/GubA==
X-Received: by 2002:a1c:c483:: with SMTP id u125mr5500827wmf.14.1542801532120; Wed, 21 Nov 2018 03:58:52 -0800 (PST)
Received: from ROADKILL.local ([]) by with ESMTPSA id z3-v6sm541276wma.6.2018. for <> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Nov 2018 03:58:51 -0800 (PST)
From: Thomas Peterson <>
References: <> <> <> <> <> <> <> <> <> <>
Message-ID: <>
Date: Wed, 21 Nov 2018 11:58:50 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------45309DD1C42A6B74CC7E0EC1"
Content-Language: en-GB
Archived-At: <>
Subject: Re: [DNSOP] Fundamental ANAME problems
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Nov 2018 11:59:00 -0000

To hopefully awaken and further inform the discussion around the ANAME 
and HTTP draft specifications that have been put forward, I've done some 
further analysis across the Alexa top 1 million domains - my initial 
findings are available at .

A brief summary of what I have found across the entire dataset:

* 51% of www records return an A record
* 47% of www records return a CNAME
   * 64% of those point www back to apex (i.e. IN CNAME
* 17 www records are DNAME

Any feedback, corrections, and suggestions would be greatly appreciated.


On Tue, 6 Nov 2018 at 10:22, Thomas Peterson < 
<>> wrote:

    That may be the case from your own (presumably anecdotal)
    experience, however I took the Alexa top 1 million websites and
    queried for A* and CNAME against the www records for the top 10 000
    domains. What I found is that approximately 44% returned CNAME
    records, 56% returning A records.

    Code is here
    if anyone wishes to look.


    * I realise that I could have added AAAA. My presumption is that the
    top 10k websites are not v6 only and at least have an A record in place.

    *From: *DNSOP <
    <>> on behalf of Olli Vanhoja
    < <>>
    *Date: *Tuesday, 6 November 2018 at 08:24
    *To: *< <>>
    *Subject: *Re: [DNSOP] Fundamental ANAME problems

    In fact if you look at the DNS records some big Internet companies

    they rarely use CNAMEs for www but instead you'll see an A record,
    that might

    be even backed by a proprietary ANAME solution.