Re: [DNSOP] Fundamental ANAME problems

Paul Ebersman <list-dnsop@dragon.net> Sun, 04 November 2018 16:02 UTC

From: Paul Ebersman <list-dnsop@dragon.net>
To: Ray Bellis <ray@bellis.me.uk>
cc: dnsop@ietf.org
In-reply-to: <7306cd16-675c-70b1-acb1-ba66507028d4@bellis.me.uk>
References: <CAH1iCirXYsYB3sAo8f1Jy-q4meLmQAPSFO-7x5idDufdT_unXQ@mail.gmail.com> <alpine.DEB.2.20.1811021543210.24450@grey.csi.cam.ac.uk> <CAH1iCioQX84JThYXPKzaiZ0MxPuDXRa2ttSnxYr6DCmRQxAmew@mail.gmail.com> <7306cd16-675c-70b1-acb1-ba66507028d4@bellis.me.uk>
Comments: In-reply-to Ray Bellis <ray@bellis.me.uk> message dated "Sun, 04 Nov 2018 20:19:35 +0700."
Date: Sun, 04 Nov 2018 09:02:39 -0700
Message-Id: <20181104160239.94530D3146B@fafnir.remote.dragon.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZGXmOAJYY0EQRsdmIUYCDR-L5MA>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

ray> Architecturally, the important part of my proposal is that
ray> resolution of the A and AAAA records is done *at the recursive
ray> layer* of the DNS, with no interference with how authoritative
ray> resolution works.

Have you confirmed with the large CDNs doing geo-ip, load-balancing, etc
that this is what they want, since they are largely driving all of this?

I'd guess that they would prefer this in the auth layer, where they own
or have a contractual relationship with the zone owner.

Yes, as DNS software folks, we'd like to keep auth doing auth and have
only recursive doing lookups but I'm not sure that solves the problem in
a way that will be accepted.